./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3695705231 <...> Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts. execve("./syz-executor3695705231", ["./syz-executor3695705231"], 0x7fff5a2d5330 /* 10 vars */) = 0 brk(NULL) = 0x555556e0f000 brk(0x555556e0fd40) = 0x555556e0fd40 arch_prctl(ARCH_SET_FS, 0x555556e0f3c0) = 0 set_tid_address(0x555556e0f690) = 5033 set_robust_list(0x555556e0f6a0, 24) = 0 rseq(0x555556e0fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3695705231", 4096) = 28 getrandom("\xec\x6c\x19\xff\x0d\xff\x25\x1e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556e0fd40 brk(0x555556e30d40) = 0x555556e30d40 brk(0x555556e31000) = 0x555556e31000 mprotect(0x7f4381058000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.F1Lso8", 0700) = 0 chmod("./syzkaller.F1Lso8", 0777) = 0 chdir("./syzkaller.F1Lso8") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5034 attached , child_tidptr=0x555556e0f690) = 5034 [pid 5034] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5034] chdir("./0") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5034] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5036]}, 88) = 5036 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5034] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5036 attached [pid 5036] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5034] <... mprotect resumed>) = 0 [pid 5036] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5036] memfd_create("syzkaller", 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5037]}, 88) = 5037 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5037 attached [pid 5037] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5036] <... memfd_create resumed>) = 3 [pid 5037] <... rseq resumed>) = 0 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5036] <... mmap resumed>) = 0x7f4378b51000 [pid 5037] <... open resumed>) = 4 [pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] fallocate(4, 0, 35143, 7 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... write resumed>) = 262144 [pid 5036] munmap(0x7f4378b51000, 262144) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5036] ioctl(5, LOOP_SET_FD, 3 [pid 5037] <... fallocate resumed>) = 0 [pid 5037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... ioctl resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5036] close(3 [pid 5034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... close resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5036] mkdir("./file1", 0777 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5036] <... mkdir resumed>) = 0 [pid 5036] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5037] <... mount resumed>) = 0 [pid 5037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... open resumed>) = 3 [pid 5037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [ 46.803729][ T5036] syz-executor369[5036]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 46.816537][ T28] audit: type=1800 audit(1694162014.949:2): pid=5037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 46.842834][ T5036] loop0: detected capacity change from 0 to 512 [pid 5037] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... write resumed>) = 262144 [pid 5034] <... futex resumed>) = 0 [pid 5037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5036] ioctl(5, LOOP_CLR_FD) = 0 [pid 5036] close(5) = 0 [pid 5036] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] exit_group(0) = ? [pid 5036] <... futex resumed>) = ? [pid 5036] +++ exited with 0 +++ [pid 5037] <... futex resumed>) = ? [pid 5037] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached , child_tidptr=0x555556e0f690) = 5039 [pid 5039] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5039] chdir("./1") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5039] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5040 attached [pid 5040] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5039] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5040] <... rseq resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5040] memfd_create("syzkaller", 0 [pid 5039] <... mmap resumed>) = 0x7f4380f51000 [pid 5040] <... memfd_create resumed>) = 3 [pid 5039] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5039] <... mprotect resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5041 attached [pid 5041] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5039] <... clone3 resumed> => {parent_tid=[5041]}, 88) = 5041 [pid 5041] <... rseq resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5041] set_robust_list(0x7f4380f719a0, 24 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5039] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] <... futex resumed>) = 0 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 46.854183][ T5036] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 46.869089][ T5036] EXT4-fs (loop0): get root inode failed [ 46.874844][ T5036] EXT4-fs (loop0): mount failed [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5041] <... open resumed>) = 4 [pid 5041] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5041] fallocate(4, 0, 35143, 7) = 0 [pid 5041] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5039] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5039] <... futex resumed>) = 0 [pid 5041] <... mount resumed>) = 0 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5041] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5039] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5041] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5041] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... write resumed>) = 262144 [pid 5040] munmap(0x7f4378b51000, 262144) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5040] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file1", 0777) = 0 [ 46.931599][ T28] audit: type=1800 audit(1694162015.069:3): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 46.961397][ T5040] loop0: detected capacity change from 0 to 512 [pid 5040] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file1") = 0 [pid 5040] ioctl(6, LOOP_CLR_FD) = 0 [pid 5040] close(6) = 0 [pid 5040] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] exit_group(0 [pid 5041] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 46.980142][ T5040] EXT4-fs (loop0): 1 orphan inode deleted [ 46.986098][ T5040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.999299][ T5040] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/1/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5045 ./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5045] chdir("./2") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5045] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5046]}, 88) = 5046 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5046 attached [pid 5045] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5045] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 47.026505][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5047 attached [pid 5047] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5045] <... clone3 resumed> => {parent_tid=[5047]}, 88) = 5047 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] <... rseq resumed>) = 0 [pid 5045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], [pid 5045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] fallocate(3, 0, 35143, 7) = 0 [pid 5047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5045] <... futex resumed>) = 0 [pid 5047] <... mount resumed>) = 0 [pid 5045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 5047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5047] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] memfd_create("syzkaller", 0) = 5 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5046] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5046] munmap(0x7f4378b51000, 262144) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5046] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5046] close(5) = 0 [pid 5046] mkdir("./file1", 0777) = 0 [ 47.085893][ T28] audit: type=1800 audit(1694162015.209:4): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.106852][ T5046] loop0: detected capacity change from 0 to 512 [pid 5046] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5046] chdir("./file1") = 0 [pid 5046] ioctl(6, LOOP_CLR_FD) = 0 [pid 5046] close(6) = 0 [pid 5046] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] exit_group(0 [pid 5047] <... futex resumed>) = ? [pid 5046] <... futex resumed>) = ? [pid 5045] <... exit_group resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 47.134872][ T5046] EXT4-fs (loop0): 1 orphan inode deleted [ 47.140682][ T5046] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.153363][ T5046] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/2/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached , child_tidptr=0x555556e0f690) = 5050 [pid 5050] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5050] chdir("./3") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5050] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5051]}, 88) = 5051 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5051 attached [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5050] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5051] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5051] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... mprotect resumed>) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5052 attached [pid 5050] <... clone3 resumed> => {parent_tid=[5052]}, 88) = 5052 [pid 5052] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] <... rseq resumed>) = 0 [pid 5052] set_robust_list(0x7f4380f719a0, 24 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5051] <... memfd_create resumed>) = 3 [pid 5050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] <... futex resumed>) = 0 [ 47.191660][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... open resumed>) = 4 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5052] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] <... futex resumed>) = 0 [pid 5052] fallocate(4, 0, 35143, 7 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... mmap resumed>) = 0x7f4378b51000 [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5051] munmap(0x7f4378b51000, 262144) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5051] ioctl(5, LOOP_SET_FD, 3 [pid 5052] <... fallocate resumed>) = 0 [pid 5051] <... ioctl resumed>) = 0 [pid 5052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] close(3 [pid 5052] <... futex resumed>) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] <... close resumed>) = 0 [pid 5052] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] mkdir("./file1", 0777 [pid 5050] <... futex resumed>) = 0 [pid 5052] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5052] <... futex resumed>) = 0 [pid 5050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5050] <... futex resumed>) = 0 [pid 5052] <... open resumed>) = 3 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5052] <... futex resumed>) = 0 [pid 5050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... mkdir resumed>) = 0 [pid 5051] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5052] <... write resumed>) = 262144 [pid 5052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5052] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5051] ioctl(5, LOOP_CLR_FD) = 0 [pid 5051] close(5) = 0 [pid 5051] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] exit_group(0 [pid 5051] <... futex resumed>) = ? [pid 5050] <... exit_group resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5052] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555556e0f690) = 5053 [pid 5053] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5053] chdir("./4") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5053] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5053] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5055 attached => {parent_tid=[5055]}, 88) = 5055 [pid 5055] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] <... rseq resumed>) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] set_robust_list(0x7f4380f719a0, 24 [pid 5053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] <... futex resumed>) = 0 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 47.239795][ T28] audit: type=1800 audit(1694162015.379:5): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.249102][ T5051] loop0: detected capacity change from 0 to 512 [ 47.275821][ T5051] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 5054 attached ) = 3 [pid 5054] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] memfd_create("syzkaller", 0) = 4 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5054] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5054] munmap(0x7f4378b51000, 262144) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5054] ioctl(5, LOOP_SET_FD, 4 [pid 5055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... ioctl resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] close(4 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... close resumed>) = 0 [pid 5053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] mkdir("./file1", 0777 [pid 5055] fallocate(3, 0, 35143, 7 [pid 5054] <... mkdir resumed>) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5054] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... fallocate resumed>) = 0 [pid 5055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5055] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... mount resumed>) = 0 [pid 5055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open resumed>) = 4 [pid 5055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5055] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 47.316490][ T28] audit: type=1800 audit(1694162015.449:6): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.337482][ T5054] loop0: detected capacity change from 0 to 512 [pid 5053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... write resumed>) = 262144 [pid 5055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [ 47.364367][ T5054] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz-executor369: Invalid block bitmap block 2 in block_group 0 [ 47.381268][ T5054] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6627: Corrupt filesystem [ 47.390470][ T5054] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 47.400163][ T5054] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor369: mark_inode_dirty error [ 47.412100][ T5054] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 47.421781][ T5054] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor369: mark_inode_dirty error [ 47.433742][ T5054] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 47.443305][ T5054] EXT4-fs error (device loop0): ext4_truncate:4184: inode #16: comm syz-executor369: mark_inode_dirty error [ 47.455106][ T5054] EXT4-fs error (device loop0): ext4_evict_inode:260: comm syz-executor369: couldn't truncate inode 16 (err -117) [pid 5054] <... mount resumed>) = 0 [pid 5054] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5054] chdir("./file1") = 0 [pid 5054] ioctl(5, LOOP_CLR_FD) = 0 [pid 5054] close(5) = 0 [pid 5054] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] exit_group(0 [pid 5054] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... exit_group resumed>) = ? [pid 5054] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5055] <... futex resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 47.467323][ T5054] EXT4-fs (loop0): 1 orphan inode deleted [ 47.473031][ T5054] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.485167][ T5054] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/4/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached , child_tidptr=0x555556e0f690) = 5059 [pid 5059] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5059] chdir("./5") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5059] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5059] <... clone3 resumed> => {parent_tid=[5060]}, 88) = 5060 [pid 5060] <... rseq resumed>) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] set_robust_list(0x7f4380f929a0, 24 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... set_robust_list resumed>) = 0 [pid 5059] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] <... futex resumed>) = 0 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5059] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] memfd_create("syzkaller", 0 [pid 5059] <... futex resumed>) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5060] <... memfd_create resumed>) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5059] <... mmap resumed>) = 0x7f4380f51000 [pid 5059] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5060] <... mmap resumed>) = 0x7f4378b51000 [pid 5059] <... mprotect resumed>) = 0 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5061 attached [pid 5061] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... clone3 resumed> => {parent_tid=[5061]}, 88) = 5061 [pid 5060] <... write resumed>) = 262144 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] munmap(0x7f4378b51000, 262144 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 47.521735][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.531712][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 47.542120][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... munmap resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] fallocate(4, 0, 35143, 7 [pid 5060] <... openat resumed>) = 5 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] ioctl(5, LOOP_SET_FD, 3 [pid 5061] <... fallocate resumed>) = 0 [pid 5061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... ioctl resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5060] close(3 [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... close resumed>) = 0 [pid 5059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] mkdir("./file1", 0777 [pid 5059] <... futex resumed>) = 0 [pid 5061] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5060] <... mkdir resumed>) = 0 [pid 5059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... mount resumed>) = 0 [pid 5061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5061] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5060] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... open resumed>) = 3 [pid 5061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5061] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... write resumed>) = 262144 [pid 5061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] ioctl(5, LOOP_CLR_FD) = 0 [pid 5060] close(5) = 0 [pid 5060] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] exit_group(0) = ? [pid 5061] <... futex resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x555556e0f690) = 5062 [pid 5062] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5062] chdir("./6") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5062] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5063 attached => {parent_tid=[5063]}, 88) = 5063 [pid 5063] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] set_robust_list(0x7f4380f929a0, 24 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5062] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5064]}, 88) = 5064 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5063] munmap(0x7f4378b72000, 262144./strace-static-x86_64: Process 5064 attached [ 47.596421][ T28] audit: type=1800 audit(1694162015.729:7): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.599784][ T5060] loop0: detected capacity change from 0 to 512 [ 47.632549][ T5060] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5064] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5063] <... munmap resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... rseq resumed>) = 0 [pid 5064] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5063] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... open resumed>) = 5 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file1", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5064] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] fallocate(5, 0, 35143, 7) = 0 [pid 5064] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5064] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5062] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5062] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... open resumed>) = 3 [pid 5064] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5064] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5064] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 47.679684][ T5063] loop0: detected capacity change from 0 to 512 [ 47.680121][ T28] audit: type=1800 audit(1694162015.819:8): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5062] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... write resumed>) = 262144 [pid 5064] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5064] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] exit_group(0 [pid 5064] <... futex resumed>) = ? [pid 5062] <... exit_group resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5063] <... futex resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached , child_tidptr=0x555556e0f690) = 5067 [pid 5067] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5067] chdir("./7") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5067] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5067] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5068] <... rseq resumed>) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5068] memfd_create("syzkaller", 0 [pid 5067] <... mmap resumed>) = 0x7f4380f51000 [pid 5067] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5068] <... memfd_create resumed>) = 3 [pid 5067] <... mprotect resumed>) = 0 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5068] <... mmap resumed>) = 0x7f4378b51000 [pid 5067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5069 attached => {parent_tid=[5069]}, 88) = 5069 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] <... rseq resumed>) = 0 [pid 5067] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5069] set_robust_list(0x7f4380f719a0, 24 [pid 5067] <... futex resumed>) = 0 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 47.722129][ T5065] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 47.733261][ T5063] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 47.747303][ T5063] EXT4-fs (loop0): get root inode failed [ 47.753024][ T5063] EXT4-fs (loop0): mount failed [pid 5068] <... write resumed>) = 262144 [pid 5068] munmap(0x7f4378b51000, 262144 [pid 5069] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... munmap resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] fallocate(4, 0, 35143, 7 [pid 5068] <... openat resumed>) = 5 [pid 5068] ioctl(5, LOOP_SET_FD, 3 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file1", 0777 [pid 5069] <... fallocate resumed>) = 0 [pid 5069] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5068] <... mkdir resumed>) = 0 [pid 5069] <... mount resumed>) = 0 [pid 5068] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5069] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5069] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5069] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [ 47.812725][ T28] audit: type=1800 audit(1694162015.949:9): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.836237][ T5068] loop0: detected capacity change from 0 to 512 [pid 5069] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5068] ioctl(5, LOOP_CLR_FD) = 0 [pid 5068] close(5) = 0 [pid 5068] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] exit_group(0 [pid 5069] <... futex resumed>) = ? [pid 5068] <... futex resumed>) = ? [pid 5067] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 [ 47.857210][ T5068] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached , child_tidptr=0x555556e0f690) = 5070 [pid 5070] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5070] chdir("./8") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5070] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5071 attached [pid 5071] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5071] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... clone3 resumed> => {parent_tid=[5071]}, 88) = 5071 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... mmap resumed>) = 0x7f4378b72000 [pid 5070] <... futex resumed>) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5070] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5072]}, 88) = 5072 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5072] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] <... write resumed>) = 262144 [pid 5072] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5071] munmap(0x7f4378b72000, 262144 [pid 5072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... munmap resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] fallocate(4, 0, 35143, 7 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... openat resumed>) = 5 [pid 5071] ioctl(5, LOOP_SET_FD, 3 [pid 5072] <... fallocate resumed>) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file1", 0777 [pid 5072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5071] <... mkdir resumed>) = 0 [pid 5071] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5072] <... mount resumed>) = 0 [pid 5072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [pid 5072] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [ 47.930390][ T28] audit: type=1800 audit(1694162016.069:10): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 47.954571][ T5071] loop0: detected capacity change from 0 to 512 [pid 5072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5071] ioctl(5, LOOP_CLR_FD) = 0 [pid 5071] close(5) = 0 [pid 5071] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] exit_group(0) = ? [pid 5072] <... futex resumed>) = ? [pid 5071] <... futex resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x555556e0f690) = 5073 [pid 5073] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5073] chdir("./9") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5073] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5074 attached => {parent_tid=[5074]}, 88) = 5074 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5073] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5074] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5074] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [ 47.977059][ T5071] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5073] <... mprotect resumed>) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5073] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5075 attached => {parent_tid=[5075]}, 88) = 5075 [pid 5075] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... rseq resumed>) = 0 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] set_robust_list(0x7f4380f719a0, 24 [pid 5073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5073] <... futex resumed>) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5074] <... write resumed>) = 262144 [pid 5074] munmap(0x7f4378b51000, 262144 [pid 5075] <... open resumed>) = 4 [pid 5074] <... munmap resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5074] ioctl(5, LOOP_SET_FD, 3 [pid 5075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5075] fallocate(4, 0, 35143, 7 [pid 5073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... ioctl resumed>) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file1", 0777) = 0 [pid 5074] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5075] <... fallocate resumed>) = 0 [pid 5075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... write resumed>) = 262144 [pid 5075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5074] ioctl(5, LOOP_CLR_FD) = 0 [pid 5074] close(5) = 0 [pid 5074] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] exit_group(0 [pid 5075] <... futex resumed>) = ? [pid 5074] <... futex resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x555556e0f690) = 5076 [pid 5076] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5076] chdir("./10") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [ 48.049697][ T28] audit: type=1800 audit(1694162016.189:11): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 48.057550][ T5074] loop0: detected capacity change from 0 to 512 [ 48.087530][ T5074] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5076] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5077]}, 88) = 5077 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5076] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5077 attached ) = 0 [pid 5077] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5077] set_robust_list(0x7f4380f929a0, 24 [pid 5076] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5078 attached [pid 5077] memfd_create("syzkaller", 0 [pid 5078] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5078] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... memfd_create resumed>) = 3 [pid 5076] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5076] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... write resumed>) = 262144 [pid 5078] <... futex resumed>) = 1 [pid 5077] munmap(0x7f4378b51000, 262144 [pid 5076] <... futex resumed>) = 0 [pid 5078] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... munmap resumed>) = 0 [pid 5076] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5078] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5078] fallocate(4, 0, 35143, 7 [pid 5076] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... openat resumed>) = 5 [pid 5077] ioctl(5, LOOP_SET_FD, 3 [pid 5078] <... fallocate resumed>) = 0 [pid 5077] <... ioctl resumed>) = 0 [pid 5078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] close(3 [pid 5078] <... futex resumed>) = 1 [pid 5077] <... close resumed>) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5078] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] mkdir("./file1", 0777 [pid 5076] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... mkdir resumed>) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5078] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5077] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5076] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... mount resumed>) = 0 [pid 5078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5078] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5077] ioctl(5, LOOP_CLR_FD) = 0 [pid 5077] close(5) = 0 [pid 5077] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] exit_group(0 [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] <... exit_group resumed>) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5079] chdir("./11") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5079] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5080]}, 88) = 5080 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5080 attached [pid 5079] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... rseq resumed>) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5079] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5080] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5079] <... mprotect resumed>) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5080] memfd_create("syzkaller", 0 [pid 5079] <... clone3 resumed> => {parent_tid=[5081]}, 88) = 5081 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5081] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5080] <... memfd_create resumed>) = 4 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] <... open resumed>) = 3 [pid 5081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... mmap resumed>) = 0x7f4378b51000 [pid 5081] <... futex resumed>) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5081] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] fallocate(3, 0, 35143, 7 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5080] munmap(0x7f4378b51000, 262144 [pid 5081] <... fallocate resumed>) = 0 [ 48.149698][ T5077] loop0: detected capacity change from 0 to 512 [ 48.167163][ T5077] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... munmap resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5079] <... futex resumed>) = 0 [pid 5081] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... openat resumed>) = 5 [pid 5080] ioctl(5, LOOP_SET_FD, 4 [pid 5079] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5081] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5079] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... mount resumed>) = 0 [pid 5081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... open resumed>) = 6 [pid 5081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... ioctl resumed>) = 0 [pid 5080] close(4) = 0 [pid 5080] mkdir("./file1", 0777 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5079] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... write resumed>) = 262144 [pid 5081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5081] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... mkdir resumed>) = 0 [pid 5080] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 5080] ioctl(5, LOOP_CLR_FD) = 0 [pid 5080] close(5) = 0 [pid 5080] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] exit_group(0 [pid 5081] <... futex resumed>) = ? [pid 5080] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5079] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 48.231937][ T5080] loop0: detected capacity change from 0 to 512 [ 48.249405][ T5080] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5082] chdir("./12") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5082] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5083]}, 88) = 5083 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... rseq resumed>) = 0 [pid 5083] set_robust_list(0x7f4380f929a0, 24 [pid 5082] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5082] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] <... mprotect resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5084 attached => {parent_tid=[5084]}, 88) = 5084 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... rseq resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] set_robust_list(0x7f4380f719a0, 24 [pid 5082] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] memfd_create("syzkaller", 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5083] <... memfd_create resumed>) = 4 [pid 5084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5084] fallocate(3, 0, 35143, 7 [pid 5082] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... mmap resumed>) = 0x7f4378b51000 [pid 5083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] <... fallocate resumed>) = 0 [pid 5083] <... write resumed>) = 262144 [pid 5084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] munmap(0x7f4378b51000, 262144 [pid 5084] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... munmap resumed>) = 0 [pid 5082] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... mount resumed>) = 0 [pid 5083] <... openat resumed>) = 5 [pid 5084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(5, LOOP_SET_FD, 4 [pid 5084] <... futex resumed>) = 1 [pid 5084] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5083] <... ioctl resumed>) = 0 [pid 5082] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5082] <... futex resumed>) = 1 [pid 5083] <... close resumed>) = 0 [pid 5084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 5083] mkdir("./file1", 0777 [pid 5082] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... futex resumed>) = 0 [pid 5084] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5082] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... mkdir resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5083] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5082] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... write resumed>) = 262144 [pid 5084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] ioctl(5, LOOP_CLR_FD) = 0 [pid 5083] close(5) = 0 [pid 5083] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] exit_group(0 [pid 5084] <... futex resumed>) = ? [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x555556e0f690) = 5085 [pid 5085] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5085] chdir("./13") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5085] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5086 attached => {parent_tid=[5086]}, 88) = 5086 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5085] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5086] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 5087 attached [pid 5086] set_robust_list(0x7f4380f929a0, 24 [pid 5085] <... clone3 resumed> => {parent_tid=[5087]}, 88) = 5087 [pid 5087] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] <... rseq resumed>) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] set_robust_list(0x7f4380f719a0, 24 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 48.316400][ T5083] loop0: detected capacity change from 0 to 512 [ 48.329182][ T5083] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5087] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5086] memfd_create("syzkaller", 0 [pid 5087] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... memfd_create resumed>) = 4 [pid 5085] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5085] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] fallocate(3, 0, 35143, 7 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5087] <... fallocate resumed>) = 0 [pid 5087] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5087] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 1 [pid 5086] <... mmap resumed>) = 0x7f4378b51000 [pid 5085] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5087] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5085] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... open resumed>) = 5 [pid 5087] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5086] munmap(0x7f4378b51000, 262144) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5086] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [ 48.390283][ T5086] loop0: detected capacity change from 0 to 512 [ 48.411125][ T5086] EXT4-fs (loop0): 1 orphan inode deleted [ 48.416846][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5086] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(6, LOOP_CLR_FD) = 0 [pid 5086] close(6) = 0 [pid 5086] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] exit_group(0 [pid 5087] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] <... futex resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 48.429919][ T5086] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/13/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x555556e0f690) = 5091 [pid 5091] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5091] chdir("./14") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5091] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5092] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5092] memfd_create("syzkaller", 0 [pid 5091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5092] <... memfd_create resumed>) = 3 [pid 5091] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5091] <... mprotect resumed>) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5093]}, 88) = 5093 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5093 attached [pid 5091] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5093] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5093] <... open resumed>) = 4 [pid 5092] <... write resumed>) = 262144 [pid 5092] munmap(0x7f4378b51000, 262144) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5092] ioctl(5, LOOP_SET_FD, 3 [ 48.468577][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5093] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5093] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... ioctl resumed>) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5093] fallocate(4, 0, 35143, 7 [pid 5092] close(3 [pid 5091] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... close resumed>) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5093] <... fallocate resumed>) = 0 [pid 5093] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5093] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5093] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5091] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... mount resumed>) = 0 [pid 5093] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5093] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5091] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... write resumed>) = 262144 [pid 5093] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5093] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5092] ioctl(5, LOOP_CLR_FD) = 0 [pid 5092] close(5) = 0 [pid 5092] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5091] <... exit_group resumed>) = ? [pid 5093] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 [ 48.515053][ T5092] loop0: detected capacity change from 0 to 512 [ 48.537563][ T5092] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 48.552122][ T5092] EXT4-fs (loop0): get root inode failed [ 48.558285][ T5092] EXT4-fs (loop0): mount failed mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555556e0f690) = 5095 [pid 5095] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5095] chdir("./15") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5095] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] memfd_create("syzkaller", 0 [pid 5095] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] <... memfd_create resumed>) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5095] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5095] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5096] <... write resumed>) = 262144 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] munmap(0x7f4378b72000, 262144 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5097] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5096] <... munmap resumed>) = 0 [pid 5095] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 4 [pid 5097] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5095] <... futex resumed>) = 0 [pid 5097] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... openat resumed>) = 5 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] ioctl(5, LOOP_SET_FD, 3 [pid 5097] fallocate(4, 0, 35143, 7 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed>) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5097] <... fallocate resumed>) = 0 [pid 5097] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5097] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5097] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5097] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5095] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.626684][ T5096] loop0: detected capacity change from 0 to 512 [ 48.650157][ T5096] EXT4-fs (loop0): 1 orphan inode deleted [ 48.655986][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5095] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... write resumed>) = 262144 [pid 5097] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5097] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... mount resumed>) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5096] chdir("./file1") = 0 [pid 5096] ioctl(5, LOOP_CLR_FD) = 0 [pid 5096] close(5) = 0 [pid 5096] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 48.668940][ T5096] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/15/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5100] chdir("./16") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5100] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5101 attached => {parent_tid=[5101]}, 88) = 5101 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] <... rseq resumed>) = 0 [pid 5101] set_robust_list(0x7f4380f929a0, 24 [pid 5100] <... mmap resumed>) = 0x7f4380f51000 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5100] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] <... mprotect resumed>) = 0 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5101] memfd_create("syzkaller", 0 [pid 5100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5101] <... memfd_create resumed>) = 3 [pid 5100] <... clone3 resumed> => {parent_tid=[5102]}, 88) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5102] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5100] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5101] <... write resumed>) = 262144 [pid 5102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] munmap(0x7f4378b51000, 262144 [pid 5100] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5102] fallocate(4, 0, 35143, 7 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... munmap resumed>) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 48.701117][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.711168][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 48.720811][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5101] ioctl(5, LOOP_SET_FD, 3 [pid 5102] <... fallocate resumed>) = 0 [pid 5102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... ioctl resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] close(3) = 0 [pid 5101] mkdir("./file1", 0777) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5102] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5102] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5102] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5102] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5100] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... write resumed>) = 262144 [pid 5102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 0 [pid 5101] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5101] ioctl(5, LOOP_CLR_FD) = 0 [pid 5101] close(5) = 0 [pid 5101] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5100] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5103] chdir("./17") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5103] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5104 attached [ 48.774292][ T5101] loop0: detected capacity change from 0 to 512 [ 48.797258][ T5101] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5104] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5104] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... clone3 resumed> => {parent_tid=[5104]}, 88) = 5104 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5104] memfd_create("syzkaller", 0 [pid 5103] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... memfd_create resumed>) = 3 [pid 5103] <... futex resumed>) = 0 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5104] <... mmap resumed>) = 0x7f4378b51000 [pid 5103] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5105 attached [pid 5105] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5103] <... clone3 resumed> => {parent_tid=[5105]}, 88) = 5105 [pid 5105] <... rseq resumed>) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] set_robust_list(0x7f4380f719a0, 24 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... set_robust_list resumed>) = 0 [pid 5103] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... futex resumed>) = 0 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5105] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5105] fallocate(4, 0, 35143, 7 [pid 5103] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... write resumed>) = 262144 [pid 5104] munmap(0x7f4378b51000, 262144) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5104] ioctl(5, LOOP_SET_FD, 3 [pid 5105] <... fallocate resumed>) = 0 [pid 5105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... ioctl resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] close(3 [pid 5103] <... futex resumed>) = 0 [pid 5105] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5104] <... close resumed>) = 0 [pid 5103] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] mkdir("./file1", 0777 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... mkdir resumed>) = 0 [pid 5105] <... mount resumed>) = 0 [pid 5104] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5105] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5105] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5103] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 3 [pid 5105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5103] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... write resumed>) = 262144 [pid 5105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5105] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5104] ioctl(5, LOOP_CLR_FD) = 0 [pid 5104] close(5) = 0 [pid 5104] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] exit_group(0 [pid 5105] <... futex resumed>) = ? [pid 5104] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5103] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 48.864901][ T5104] loop0: detected capacity change from 0 to 512 [ 48.878331][ T5106] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 48.878649][ T5104] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 48.903424][ T5104] EXT4-fs (loop0): get root inode failed [ 48.909139][ T5104] EXT4-fs (loop0): mount failed newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x555556e0f690) = 5108 [pid 5108] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5108] chdir("./18") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5108] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5109 attached => {parent_tid=[5109]}, 88) = 5109 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5108] <... futex resumed>) = 0 [pid 5109] <... rseq resumed>) = 0 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] set_robust_list(0x7f4380f929a0, 24 [pid 5108] <... futex resumed>) = 0 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... mmap resumed>) = 0x7f4380f51000 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5108] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5110]}, 88) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] <... rseq resumed>) = 0 [pid 5110] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5110] <... open resumed>) = 4 [pid 5110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... write resumed>) = 262144 [pid 5110] <... futex resumed>) = 1 [pid 5109] munmap(0x7f4378b51000, 262144 [pid 5110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 0 [pid 5109] <... munmap resumed>) = 0 [pid 5108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5108] <... futex resumed>) = 1 [pid 5110] fallocate(4, 0, 35143, 7 [pid 5109] <... openat resumed>) = 5 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] ioctl(5, LOOP_SET_FD, 3 [pid 5110] <... fallocate resumed>) = 0 [pid 5109] <... ioctl resumed>) = 0 [pid 5110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] close(3 [pid 5110] <... futex resumed>) = 1 [pid 5109] <... close resumed>) = 0 [pid 5108] <... futex resumed>) = 0 [pid 5110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] mkdir("./file1", 0777 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... mkdir resumed>) = 0 [pid 5108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5109] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5110] <... mount resumed>) = 0 [pid 5108] <... futex resumed>) = 0 [pid 5110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 1 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5108] <... futex resumed>) = 1 [pid 5108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... write resumed>) = 262144 [pid 5110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5109] ioctl(5, LOOP_CLR_FD) = 0 [pid 5109] close(5) = 0 [pid 5109] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] exit_group(0) = ? [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x555556e0f690) = 5111 [pid 5111] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5111] chdir("./19") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5111] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5112] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f4380f929a0, 24 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5111] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... futex resumed>) = 0 [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5111] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5112] memfd_create("syzkaller", 0 [pid 5111] <... mprotect resumed>) = 0 [pid 5112] <... memfd_create resumed>) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5112] <... mmap resumed>) = 0x7f4378b51000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5111] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5113]}, 88) = 5113 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5113 attached [pid 5113] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5113] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5112] <... write resumed>) = 262144 [pid 5112] munmap(0x7f4378b51000, 262144 [pid 5113] <... open resumed>) = 4 [pid 5112] <... munmap resumed>) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 48.980475][ T5109] loop0: detected capacity change from 0 to 512 [ 48.997356][ T5109] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5112] ioctl(5, LOOP_SET_FD, 3 [pid 5113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... ioctl resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5112] close(3 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] fallocate(4, 0, 35143, 7 [pid 5112] <... close resumed>) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5113] <... fallocate resumed>) = 0 [pid 5113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5113] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.047404][ T5112] loop0: detected capacity change from 0 to 512 [ 49.074378][ T5114] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5113] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5112] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5112] ioctl(5, LOOP_CLR_FD) = 0 [pid 5112] close(5) = 0 [pid 5112] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] exit_group(0 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5111] <... exit_group resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x555556e0f690) = 5116 [pid 5116] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5116] chdir("./20") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5116] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5117]}, 88) = 5117 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5117 attached ) = 0x7f4380f51000 [pid 5117] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5116] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5117] <... rseq resumed>) = 0 [pid 5117] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5116] <... mprotect resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5117] <... mmap resumed>) = 0x7f4378b51000 [pid 5116] <... clone3 resumed> => {parent_tid=[5118]}, 88) = 5118 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [ 49.074967][ T5112] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 49.099398][ T5112] EXT4-fs (loop0): get root inode failed [ 49.105195][ T5112] EXT4-fs (loop0): mount failed [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5118] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5117] <... write resumed>) = 262144 [pid 5118] <... rseq resumed>) = 0 [pid 5118] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5117] munmap(0x7f4378b51000, 262144 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] <... munmap resumed>) = 0 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5117] <... openat resumed>) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3 [pid 5118] <... open resumed>) = 5 [pid 5118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5118] fallocate(5, 0, 35143, 7 [pid 5116] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... ioctl resumed>) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5118] <... fallocate resumed>) = 0 [pid 5118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5118] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5116] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... mount resumed>) = 0 [pid 5118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5116] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... open resumed>) = 3 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5118] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5116] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... write resumed>) = 262144 [pid 5118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5116] <... exit_group resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x555556e0f690) = 5119 [pid 5119] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5119] chdir("./21") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5119] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5120 attached => {parent_tid=[5120]}, 88) = 5120 [pid 5120] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... rseq resumed>) = 0 [pid 5120] set_robust_list(0x7f4380f929a0, 24 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5119] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5121 attached => {parent_tid=[5121]}, 88) = 5121 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 49.174446][ T5117] loop0: detected capacity change from 0 to 512 [ 49.189016][ T5117] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5121] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5121] <... rseq resumed>) = 0 [pid 5121] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5121] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5121] fallocate(4, 0, 35143, 7 [pid 5119] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... write resumed>) = 262144 [pid 5120] munmap(0x7f4378b51000, 262144) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5120] ioctl(5, LOOP_SET_FD, 3 [pid 5121] <... fallocate resumed>) = 0 [pid 5120] <... ioctl resumed>) = 0 [pid 5121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] close(3 [pid 5121] <... futex resumed>) = 1 [pid 5121] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5121] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5119] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... close resumed>) = 0 [pid 5120] mkdir("./file1", 0777 [pid 5121] <... mount resumed>) = 0 [pid 5121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5119] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... mkdir resumed>) = 0 [pid 5121] <... open resumed>) = 3 [pid 5120] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5121] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5120] ioctl(5, LOOP_CLR_FD) = 0 [pid 5120] close(5) = 0 [pid 5120] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0 [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] <... exit_group resumed>) = ? [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5122] chdir("./22") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5122 [pid 5122] <... setpgid resumed>) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5122] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5122] <... clone3 resumed> => {parent_tid=[5123]}, 88) = 5123 [pid 5123] <... rseq resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] set_robust_list(0x7f4380f929a0, 24 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] <... set_robust_list resumed>) = 0 [pid 5122] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5123] <... memfd_create resumed>) = 3 [pid 5122] <... mmap resumed>) = 0x7f4380f51000 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5122] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5122] <... mprotect resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5124]}, 88) = 5124 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... write resumed>) = 262144 [pid 5123] munmap(0x7f4378b51000, 262144./strace-static-x86_64: Process 5124 attached [pid 5124] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [ 49.244028][ T5120] loop0: detected capacity change from 0 to 512 [ 49.272060][ T5120] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5124] set_robust_list(0x7f4380f719a0, 24 [pid 5123] <... munmap resumed>) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... ioctl resumed>) = 0 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file1", 0777 [pid 5124] <... open resumed>) = 3 [pid 5123] <... mkdir resumed>) = 0 [pid 5123] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5122] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] fallocate(3, 0, 35143, 7) = 0 [pid 5124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5124] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5122] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... open resumed>) = 5 [pid 5124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [ 49.322826][ T5123] loop0: detected capacity change from 0 to 512 [ 49.341825][ T5125] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 49.350303][ T5123] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 49.367387][ T5123] EXT4-fs (loop0): get root inode failed [pid 5123] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0 [pid 5124] <... futex resumed>) = ? [pid 5123] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 [ 49.373023][ T5123] EXT4-fs (loop0): mount failed mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x555556e0f690) = 5127 [pid 5127] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5127] chdir("./23") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5127] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5127] <... clone3 resumed> => {parent_tid=[5128]}, 88) = 5128 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... rseq resumed>) = 0 [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5127] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] <... futex resumed>) = 0 [pid 5128] memfd_create("syzkaller", 0 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5128] <... memfd_create resumed>) = 3 [pid 5127] <... mmap resumed>) = 0x7f4380f51000 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5127] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5128] <... mmap resumed>) = 0x7f4378b51000 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5127] <... mprotect resumed>) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5129 attached => {parent_tid=[5129]}, 88) = 5129 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5129] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... write resumed>) = 262144 [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5127] <... futex resumed>) = 0 [pid 5129] <... open resumed>) = 4 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] munmap(0x7f4378b51000, 262144 [pid 5129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... munmap resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5127] <... futex resumed>) = 0 [pid 5129] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5129] fallocate(4, 0, 35143, 7 [pid 5128] <... openat resumed>) = 5 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] ioctl(5, LOOP_SET_FD, 3 [pid 5129] <... fallocate resumed>) = 0 [pid 5129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5129] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... ioctl resumed>) = 0 [pid 5127] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] close(3) = 0 [pid 5128] mkdir("./file1", 0777 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5128] <... mkdir resumed>) = 0 [pid 5128] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5129] <... mount resumed>) = 0 [pid 5129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5129] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5129] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5129] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5127] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... write resumed>) = 262144 [pid 5129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5129] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5128] ioctl(5, LOOP_CLR_FD) = 0 [pid 5128] close(5) = 0 [pid 5128] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] <... exit_group resumed>) = ? [pid 5129] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached , child_tidptr=0x555556e0f690) = 5130 [pid 5130] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5130] chdir("./24") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5130] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5131 attached => {parent_tid=[5131]}, 88) = 5131 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5131] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5130] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5131] set_robust_list(0x7f4380f929a0, 24 [pid 5130] <... mprotect resumed>) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] memfd_create("syzkaller", 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5131] <... memfd_create resumed>) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5130] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5131] <... mmap resumed>) = 0x7f4378b51000 [pid 5130] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [ 49.441010][ T5128] loop0: detected capacity change from 0 to 512 [ 49.457013][ T5128] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5132] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5132] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] <... write resumed>) = 262144 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] munmap(0x7f4378b51000, 262144 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5131] <... munmap resumed>) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5131] ioctl(5, LOOP_SET_FD, 3 [pid 5132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5132] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] <... futex resumed>) = 0 [pid 5132] fallocate(4, 0, 35143, 7 [pid 5130] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... ioctl resumed>) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5132] <... fallocate resumed>) = 0 [pid 5132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5130] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5132] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5130] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 3 [pid 5132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5130] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5132] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5131] ioctl(5, LOOP_CLR_FD) = 0 [pid 5131] close(5) = 0 [pid 5131] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] exit_group(0 [pid 5132] <... futex resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5130] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 49.536283][ T5131] loop0: detected capacity change from 0 to 512 [ 49.550393][ T5131] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor369: lblock 0 mapped to illegal pblock 9 (length 1) [ 49.565020][ T5131] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 49.580466][ T5131] EXT4-fs (loop0): mount failed rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x555556e0f690) = 5135 [pid 5135] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5135] chdir("./25") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5135] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5136]}, 88) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5135] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5135] <... futex resumed>) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5136] <... mmap resumed>) = 0x7f4378b72000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5135] <... mmap resumed>) = 0x7f4378b51000 [pid 5135] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5137 attached => {parent_tid=[5137]}, 88) = 5137 [pid 5137] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... rseq resumed>) = 0 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] set_robust_list(0x7f4378b719a0, 24 [pid 5135] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] <... write resumed>) = 262144 [pid 5136] munmap(0x7f4378b72000, 262144 [pid 5137] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5136] <... munmap resumed>) = 0 [pid 5137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] <... futex resumed>) = 0 [pid 5137] fallocate(4, 0, 35143, 7 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5136] ioctl(5, LOOP_SET_FD, 3 [pid 5137] <... fallocate resumed>) = 0 [pid 5137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... ioctl resumed>) = 0 [pid 5135] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] close(3 [pid 5137] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5136] <... close resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5137] <... mount resumed>) = 0 [pid 5136] mkdir("./file1", 0777 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... mkdir resumed>) = 0 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5135] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5135] <... futex resumed>) = 0 [pid 5137] <... open resumed>) = 3 [pid 5136] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5135] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... write resumed>) = 262144 [pid 5137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5136] ioctl(5, LOOP_CLR_FD) = 0 [pid 5136] close(5) = 0 [pid 5136] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5138] chdir("./26") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5138] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [ 49.646791][ T5136] loop0: detected capacity change from 0 to 512 [ 49.672724][ T5136] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 49.683547][ T5136] EXT4-fs (loop0): group descriptors corrupted! [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5139]}, 88) = 5139 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5138] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5139 attached ./strace-static-x86_64: Process 5140 attached [pid 5140] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5139] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5138] <... clone3 resumed> => {parent_tid=[5140]}, 88) = 5140 [pid 5140] <... rseq resumed>) = 0 [pid 5139] <... rseq resumed>) = 0 [pid 5140] set_robust_list(0x7f4380f719a0, 24 [pid 5139] set_robust_list(0x7f4380f929a0, 24 [pid 5140] <... set_robust_list resumed>) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] memfd_create("syzkaller", 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5139] <... memfd_create resumed>) = 3 [pid 5138] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5139] <... mmap resumed>) = 0x7f4378b51000 [pid 5138] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] fallocate(4, 0, 35143, 7 [pid 5138] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7f4378b51000, 262144) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5139] ioctl(5, LOOP_SET_FD, 3 [pid 5140] <... fallocate resumed>) = 0 [pid 5140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5139] <... ioctl resumed>) = 0 [pid 5138] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5139] close(3 [pid 5138] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... mount resumed>) = 0 [pid 5139] <... close resumed>) = 0 [pid 5139] mkdir("./file1", 0777 [pid 5140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... mkdir resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5140] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5139] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5138] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... open resumed>) = 3 [pid 5140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5138] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... write resumed>) = 262144 [pid 5140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5139] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5139] ioctl(5, LOOP_CLR_FD) = 0 [pid 5139] close(5) = 0 [pid 5139] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 49.743947][ T5139] loop0: detected capacity change from 0 to 512 [ 49.758384][ T5141] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 49.769568][ T5139] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 49.783502][ T5139] EXT4-fs (loop0): get root inode failed [ 49.789364][ T5139] EXT4-fs (loop0): mount failed newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x555556e0f690) = 5143 [pid 5143] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5143] chdir("./27") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5143] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5144 attached [pid 5144] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5144] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... clone3 resumed> => {parent_tid=[5144]}, 88) = 5144 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] memfd_create("syzkaller", 0 [pid 5143] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5144] <... memfd_create resumed>) = 3 [pid 5143] <... mmap resumed>) = 0x7f4380f51000 [pid 5143] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5143] <... mprotect resumed>) = 0 [pid 5144] <... mmap resumed>) = 0x7f4378b51000 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5143] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5145]}, 88) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5144] <... write resumed>) = 262144 [pid 5145] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5144] munmap(0x7f4378b51000, 262144 [pid 5145] <... rseq resumed>) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5144] <... munmap resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5144] ioctl(5, LOOP_SET_FD, 3 [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... ioctl resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5144] close(3 [pid 5145] fallocate(4, 0, 35143, 7 [pid 5144] <... close resumed>) = 0 [pid 5143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] mkdir("./file1", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... fallocate resumed>) = 0 [pid 5145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5143] <... futex resumed>) = 0 [pid 5145] <... open resumed>) = 3 [pid 5143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... write resumed>) = 262144 [pid 5145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5144] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5144] ioctl(5, LOOP_CLR_FD) = 0 [pid 5144] close(5) = 0 [pid 5144] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5143] <... exit_group resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5146] chdir("./28") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5146] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5146] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] <... rseq resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5146] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5147] memfd_create("syzkaller", 0 [pid 5146] <... mprotect resumed>) = 0 [pid 5147] <... memfd_create resumed>) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5147] <... mmap resumed>) = 0x7f4378b51000 [pid 5146] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5146] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 [pid 5148] set_robust_list(0x7f4380f719a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] <... set_robust_list resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 4 [pid 5148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] fallocate(4, 0, 35143, 7 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7f4378b51000, 262144) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 49.859688][ T5144] loop0: detected capacity change from 0 to 512 [ 49.877335][ T5144] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5147] ioctl(5, LOOP_SET_FD, 3 [pid 5148] <... fallocate resumed>) = 0 [pid 5148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... ioctl resumed>) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5146] <... futex resumed>) = 0 [pid 5147] close(3 [pid 5148] <... mount resumed>) = 0 [pid 5146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... close resumed>) = 0 [pid 5148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 3 [pid 5148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5148] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5147] mkdir("./file1", 0777 [pid 5146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... write resumed>) = 262144 [pid 5147] <... mkdir resumed>) = 0 [pid 5148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5148] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5147] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5147] ioctl(5, LOOP_CLR_FD) = 0 [pid 5147] close(5) = 0 [pid 5147] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5147] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ [pid 5146] <... exit_group resumed>) = ? [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5149] chdir("./29") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5149] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [ 49.937266][ T5147] loop0: detected capacity change from 0 to 512 [ 49.953254][ T5147] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5150] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] set_robust_list(0x7f4380f929a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... futex resumed>) = 0 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] memfd_create("syzkaller", 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5149] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5150] <... memfd_create resumed>) = 3 [pid 5149] <... mprotect resumed>) = 0 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5150] <... mmap resumed>) = 0x7f4378b51000 [pid 5149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5151] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 4 [pid 5151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... write resumed>) = 262144 [pid 5150] munmap(0x7f4378b51000, 262144 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5151] fallocate(4, 0, 35143, 7 [pid 5149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... munmap resumed>) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5150] ioctl(5, LOOP_SET_FD, 3 [pid 5151] <... fallocate resumed>) = 0 [pid 5151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... ioctl resumed>) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5150] close(3 [pid 5149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... close resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5150] mkdir("./file1", 0777 [pid 5149] <... futex resumed>) = 1 [pid 5151] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5150] <... mkdir resumed>) = 0 [pid 5149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5151] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 3 [pid 5151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = 262144 [pid 5151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5150] ioctl(5, LOOP_CLR_FD) = 0 [pid 5150] close(5) = 0 [pid 5150] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0) = ? [pid 5150] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5151] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x555556e0f690) = 5152 [pid 5152] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5152] chdir("./30") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5152] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5153]}, 88) = 5153 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [ 50.009467][ T5150] loop0: detected capacity change from 0 to 512 [ 50.027004][ T5150] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5152] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5152] <... mprotect resumed>) = 0 [pid 5153] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5154 attached [pid 5153] memfd_create("syzkaller", 0 [pid 5152] <... clone3 resumed> => {parent_tid=[5154]}, 88) = 5154 [pid 5154] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5153] <... memfd_create resumed>) = 3 [pid 5154] <... rseq resumed>) = 0 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5154] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5153] <... mmap resumed>) = 0x7f4378b51000 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... open resumed>) = 4 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] fallocate(4, 0, 35143, 7 [pid 5153] <... write resumed>) = 262144 [pid 5153] munmap(0x7f4378b51000, 262144) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5153] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file1", 0777 [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5152] futex(0x7f438105e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b70000 [pid 5152] mprotect(0x7f4378b71000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b90990, parent_tid=0x7f4378b90990, exit_signal=0, stack=0x7f4378b70000, stack_size=0x20300, tls=0x7f4378b906c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f4378b90fe0, 0x20, 0, 0x53053053 [pid 5152] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5155] <... rseq resumed>) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] set_robust_list(0x7f4378b909a0, 24 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5152] futex(0x7f438105e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... futex resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7f438105e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.108233][ T5153] loop0: detected capacity change from 0 to 512 [pid 5155] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5154] <... fallocate resumed>) = 0 [pid 5153] <... mkdir resumed>) = 0 [pid 5154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5154] <... futex resumed>) = 0 [pid 5155] <... mount resumed>) = 0 [pid 5154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f438105e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f438105e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 0 [pid 5154] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5154] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... write resumed>) = 262144 [pid 5154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5153] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5153] ioctl(5, LOOP_CLR_FD) = 0 [pid 5153] close(5) = 0 [pid 5153] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 50.193021][ T5153] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 50.207297][ T5153] EXT4-fs (loop0): get root inode failed [ 50.213000][ T5153] EXT4-fs (loop0): mount failed umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached , child_tidptr=0x555556e0f690) = 5158 [pid 5158] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5158] chdir("./31") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5158] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5159 attached => {parent_tid=[5159]}, 88) = 5159 [pid 5159] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] set_robust_list(0x7f4380f929a0, 24 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... futex resumed>) = 0 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] memfd_create("syzkaller", 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5159] <... memfd_create resumed>) = 3 [pid 5158] <... mmap resumed>) = 0x7f4380f51000 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5158] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5159] <... mmap resumed>) = 0x7f4378b51000 [pid 5158] <... mprotect resumed>) = 0 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5160 attached => {parent_tid=[5160]}, 88) = 5160 [pid 5160] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... rseq resumed>) = 0 [pid 5159] <... write resumed>) = 262144 [pid 5158] <... futex resumed>) = 0 [pid 5159] munmap(0x7f4378b51000, 262144 [pid 5158] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... munmap resumed>) = 0 [pid 5160] set_robust_list(0x7f4380f719a0, 24 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5160] <... set_robust_list resumed>) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5160] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5159] <... openat resumed>) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3 [pid 5160] <... open resumed>) = 5 [pid 5160] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... ioctl resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] close(3 [pid 5158] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] fallocate(5, 0, 35143, 7 [pid 5159] <... close resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5159] mkdir("./file1", 0777 [pid 5158] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mkdir resumed>) = 0 [pid 5159] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5160] <... fallocate resumed>) = 0 [pid 5160] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5160] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... mount resumed>) = 0 [pid 5160] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5160] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5160] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5158] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... open resumed>) = 3 [pid 5160] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... write resumed>) = 262144 [pid 5160] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5159] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0) = ? [pid 5159] <... futex resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5160] <... futex resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x555556e0f690) = 5161 [pid 5161] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5161] chdir("./32") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5161] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5162 attached => {parent_tid=[5162]}, 88) = 5162 [pid 5162] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] <... rseq resumed>) = 0 [pid 5161] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] set_robust_list(0x7f4380f929a0, 24 [pid 5161] <... futex resumed>) = 0 [pid 5162] <... set_robust_list resumed>) = 0 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] <... futex resumed>) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] <... mmap resumed>) = 0x7f4380f51000 [pid 5162] memfd_create("syzkaller", 0 [pid 5161] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5162] <... memfd_create resumed>) = 3 [pid 5161] <... mprotect resumed>) = 0 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5161] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5163]}, 88) = 5163 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5163 attached ) = 0 [pid 5163] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 50.280100][ T5159] loop0: detected capacity change from 0 to 512 [ 50.297704][ T5159] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5163] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5162] <... write resumed>) = 262144 [pid 5162] munmap(0x7f4378b51000, 262144 [pid 5163] <... open resumed>) = 4 [pid 5163] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... munmap resumed>) = 0 [pid 5161] <... futex resumed>) = 0 [pid 5163] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5163] fallocate(4, 0, 35143, 7 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5162] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file1", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5163] <... fallocate resumed>) = 0 [pid 5163] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5163] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5163] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5161] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... open resumed>) = 3 [pid 5161] <... futex resumed>) = 0 [pid 5163] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5163] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5161] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... write resumed>) = 262144 [pid 5163] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5163] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5162] ioctl(5, LOOP_CLR_FD) = 0 [pid 5162] close(5) = 0 [pid 5162] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5164] chdir("./33") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5164] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5165 attached => {parent_tid=[5165]}, 88) = 5165 [pid 5165] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] <... rseq resumed>) = 0 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] set_robust_list(0x7f4380f929a0, 24 [pid 5164] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5165] memfd_create("syzkaller", 0 [pid 5164] <... mmap resumed>) = 0x7f4380f51000 [pid 5164] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5165] <... memfd_create resumed>) = 3 [pid 5164] <... mprotect resumed>) = 0 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5165] <... mmap resumed>) = 0x7f4378b51000 [pid 5164] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5166 attached => {parent_tid=[5166]}, 88) = 5166 [pid 5166] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] <... rseq resumed>) = 0 [pid 5166] set_robust_list(0x7f4380f719a0, 24 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5164] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5164] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... open resumed>) = 4 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5166] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5164] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] fallocate(4, 0, 35143, 7 [pid 5165] <... write resumed>) = 262144 [pid 5165] munmap(0x7f4378b51000, 262144) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 50.367512][ T5162] loop0: detected capacity change from 0 to 512 [ 50.389794][ T5162] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5165] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5166] <... fallocate resumed>) = 0 [pid 5165] close(3 [pid 5166] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... close resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] mkdir("./file1", 0777 [pid 5166] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... mkdir resumed>) = 0 [pid 5166] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5165] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5166] <... mount resumed>) = 0 [pid 5166] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5166] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5166] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5166] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5165] ioctl(5, LOOP_CLR_FD) = 0 [pid 5165] close(5) = 0 [pid 5165] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0) = ? [pid 5166] <... futex resumed>) = ? [pid 5165] <... futex resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x555556e0f690) = 5167 [pid 5167] set_robust_list(0x555556e0f6a0, 24) = 0 [ 50.446585][ T5165] loop0: detected capacity change from 0 to 512 [ 50.457265][ T5165] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 50.467861][ T5165] EXT4-fs (loop0): group descriptors corrupted! [pid 5167] chdir("./34") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5167] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5167] <... clone3 resumed> => {parent_tid=[5168]}, 88) = 5168 [pid 5168] <... rseq resumed>) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] set_robust_list(0x7f4380f929a0, 24 [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5167] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] memfd_create("syzkaller", 0 [pid 5167] <... futex resumed>) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5168] <... memfd_create resumed>) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5167] <... mmap resumed>) = 0x7f4380f51000 [pid 5167] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5168] <... mmap resumed>) = 0x7f4378b51000 [pid 5167] <... mprotect resumed>) = 0 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5169 attached [pid 5169] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5167] <... clone3 resumed> => {parent_tid=[5169]}, 88) = 5169 [pid 5169] <... rseq resumed>) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5167] <... futex resumed>) = 0 [pid 5169] <... open resumed>) = 4 [pid 5169] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... write resumed>) = 262144 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] munmap(0x7f4378b51000, 262144 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] fallocate(4, 0, 35143, 7 [pid 5168] <... munmap resumed>) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5168] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file1", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5169] <... fallocate resumed>) = 0 [pid 5169] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5169] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5169] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5169] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5169] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... futex resumed>) = 1 [pid 5169] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5169] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5169] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5168] ioctl(5, LOOP_CLR_FD) = 0 [pid 5168] close(5) = 0 [pid 5168] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] exit_group(0 [pid 5169] <... futex resumed>) = ? [pid 5168] <... futex resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ [pid 5167] <... exit_group resumed>) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached , child_tidptr=0x555556e0f690) = 5170 [pid 5170] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5170] chdir("./35") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5170] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5171]}, 88) = 5171 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5170] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5171] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] memfd_create("syzkaller", 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5172 attached [pid 5171] <... memfd_create resumed>) = 3 [pid 5172] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5172] <... rseq resumed>) = 0 [pid 5171] <... mmap resumed>) = 0x7f4378b51000 [pid 5172] set_robust_list(0x7f4380f719a0, 24 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5170] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... futex resumed>) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5172] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... write resumed>) = 262144 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5172] fallocate(4, 0, 35143, 7 [pid 5170] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.547885][ T5168] loop0: detected capacity change from 0 to 512 [ 50.567110][ T5168] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5171] munmap(0x7f4378b51000, 262144) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5171] ioctl(5, LOOP_SET_FD, 3 [pid 5172] <... fallocate resumed>) = 0 [pid 5171] <... ioctl resumed>) = 0 [pid 5172] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5172] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5172] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5172] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5172] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5172] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5170] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] close(3) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5172] <... write resumed>) = 262144 [pid 5172] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5172] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5171] ioctl(5, LOOP_CLR_FD) = 0 [pid 5171] close(5) = 0 [pid 5171] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] <... exit_group resumed>) = ? [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 50.629841][ T5171] loop0: detected capacity change from 0 to 512 [ 50.647567][ T5171] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5173] chdir("./36") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5173] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5174 attached => {parent_tid=[5174]}, 88) = 5174 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5174] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5173] <... mmap resumed>) = 0x7f4380f51000 [pid 5173] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5174] <... rseq resumed>) = 0 [pid 5173] <... mprotect resumed>) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5174] set_robust_list(0x7f4380f929a0, 24 [pid 5173] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5174] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5175 attached [pid 5173] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... rseq resumed>) = 0 [pid 5175] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5174] <... memfd_create resumed>) = 4 [pid 5175] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5175] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5175] fallocate(3, 0, 35143, 7 [pid 5173] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5174] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5174] munmap(0x7f4378b51000, 262144) = 0 [pid 5175] <... fallocate resumed>) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5175] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... openat resumed>) = 5 [pid 5175] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5175] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] ioctl(5, LOOP_SET_FD, 4 [pid 5173] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5175] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5173] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... mount resumed>) = 0 [pid 5175] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5174] <... ioctl resumed>) = 0 [pid 5175] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] close(4 [pid 5175] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... close resumed>) = 0 [pid 5175] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] mkdir("./file1", 0777 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] <... mkdir resumed>) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5175] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5174] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5173] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... write resumed>) = 262144 [pid 5175] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5175] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5174] ioctl(5, LOOP_CLR_FD) = 0 [pid 5174] close(5) = 0 [pid 5174] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] exit_group(0 [pid 5175] <... futex resumed>) = ? [pid 5173] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x555556e0f690) = 5176 [pid 5176] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5176] chdir("./37") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5176] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5176] <... clone3 resumed> => {parent_tid=[5177]}, 88) = 5177 [pid 5177] <... rseq resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] <... futex resumed>) = 0 [pid 5177] memfd_create("syzkaller", 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] <... memfd_create resumed>) = 3 [pid 5176] <... mmap resumed>) = 0x7f4380f51000 [pid 5176] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5176] <... mprotect resumed>) = 0 [pid 5177] <... mmap resumed>) = 0x7f4378b51000 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5176] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5178]}, 88) = 5178 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5178] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5178] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5177] <... write resumed>) = 262144 [pid 5177] munmap(0x7f4378b51000, 262144) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3 [ 50.715379][ T5174] loop0: detected capacity change from 0 to 512 [ 50.726951][ T5174] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 50.736663][ T5174] EXT4-fs (loop0): group descriptors corrupted! [pid 5178] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5178] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] fallocate(5, 0, 35143, 7 [pid 5177] <... ioctl resumed>) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5178] <... fallocate resumed>) = 0 [pid 5178] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5176] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... mount resumed>) = 0 [pid 5178] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5178] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5176] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... open resumed>) = 3 [pid 5178] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [ 50.791711][ T5177] loop0: detected capacity change from 0 to 512 [ 50.808945][ T5179] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 50.820274][ T5177] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 50.834699][ T5177] EXT4-fs (loop0): get root inode failed [pid 5178] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5177] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5178] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5177] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5176] <... exit_group resumed>) = ? [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x555556e0f690) = 5181 [pid 5181] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5181] chdir("./38") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5181] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5182 attached => {parent_tid=[5182]}, 88) = 5182 [pid 5182] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] set_robust_list(0x7f4380f929a0, 24 [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5181] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] <... futex resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] memfd_create("syzkaller", 0 [pid 5181] <... futex resumed>) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5181] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5182] <... memfd_create resumed>) = 3 [pid 5181] <... mprotect resumed>) = 0 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5183]}, 88) = 5183 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5183 attached [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5182] munmap(0x7f4378b51000, 262144) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3 [ 50.840433][ T5177] EXT4-fs (loop0): mount failed [pid 5183] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5182] <... ioctl resumed>) = 0 [pid 5183] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5182] close(3 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] <... close resumed>) = 0 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] mkdir("./file1", 0777 [pid 5183] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5182] <... mkdir resumed>) = 0 [pid 5182] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5183] <... open resumed>) = 3 [pid 5183] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5183] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5183] fallocate(3, 0, 35143, 7 [pid 5181] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... fallocate resumed>) = 0 [pid 5183] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5183] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5181] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... mount resumed>) = 0 [pid 5183] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5181] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5181] <... futex resumed>) = 0 [pid 5183] <... open resumed>) = 5 [pid 5181] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5183] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5181] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... write resumed>) = 262144 [pid 5183] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [ 50.882482][ T5182] loop0: detected capacity change from 0 to 512 [ 50.901810][ T5184] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 50.902456][ T5182] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [pid 5183] <... futex resumed>) = 1 [pid 5183] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5182] ioctl(4, LOOP_CLR_FD) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] exit_group(0) = ? [pid 5182] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5183] <... futex resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5186] chdir("./39") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5186] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5186] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rseq resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] set_robust_list(0x7f4380f929a0, 24 [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] memfd_create("syzkaller", 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5187] <... memfd_create resumed>) = 3 [pid 5186] <... mmap resumed>) = 0x7f4380f51000 [pid 5186] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5186] <... mprotect resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5186] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5188 attached [pid 5188] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5188] set_robust_list(0x7f4380f719a0, 24 [pid 5186] <... clone3 resumed> => {parent_tid=[5188]}, 88) = 5188 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5186] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... open resumed>) = 4 [pid 5188] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... write resumed>) = 262144 [pid 5186] <... futex resumed>) = 0 [pid 5188] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5188] fallocate(4, 0, 35143, 7 [pid 5186] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] munmap(0x7f4378b51000, 262144) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 50.927853][ T5182] EXT4-fs (loop0): get root inode failed [ 50.933591][ T5182] EXT4-fs (loop0): mount failed [pid 5187] ioctl(5, LOOP_SET_FD, 3 [pid 5188] <... fallocate resumed>) = 0 [pid 5188] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5188] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5188] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5186] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... mount resumed>) = 0 [pid 5188] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... ioctl resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] close(3) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5188] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5188] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5187] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5187] ioctl(5, LOOP_CLR_FD [pid 5188] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... ioctl resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5188] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] close(5) = 0 [pid 5187] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] exit_group(0 [pid 5188] <... futex resumed>) = ? [pid 5187] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x555556e0f690) = 5189 [pid 5189] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5189] chdir("./40") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 50.994079][ T5187] loop0: detected capacity change from 0 to 512 [ 51.007821][ T5187] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5189] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5190 attached => {parent_tid=[5190]}, 88) = 5190 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5190] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] set_robust_list(0x7f4380f929a0, 24 [pid 5189] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] <... futex resumed>) = 0 [pid 5190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5190] memfd_create("syzkaller", 0 [pid 5189] <... mmap resumed>) = 0x7f4380f51000 [pid 5189] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5190] <... memfd_create resumed>) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] <... mprotect resumed>) = 0 [pid 5190] <... mmap resumed>) = 0x7f4378b51000 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5189] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5191 attached [pid 5191] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5189] <... clone3 resumed> => {parent_tid=[5191]}, 88) = 5191 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] <... rseq resumed>) = 0 [pid 5191] set_robust_list(0x7f4380f719a0, 24 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... open resumed>) = 4 [pid 5191] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] fallocate(4, 0, 35143, 7 [pid 5190] <... write resumed>) = 262144 [pid 5190] munmap(0x7f4378b51000, 262144) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5190] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file1", 0777 [pid 5191] <... fallocate resumed>) = 0 [pid 5190] <... mkdir resumed>) = 0 [pid 5191] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5191] <... futex resumed>) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5191] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5189] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... open resumed>) = 3 [pid 5191] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5191] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5189] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... write resumed>) = 262144 [pid 5191] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5190] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5190] ioctl(5, LOOP_CLR_FD) = 0 [pid 5190] close(5) = 0 [pid 5190] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5190] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x555556e0f690) = 5192 [pid 5192] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5192] chdir("./41") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 51.072169][ T5190] loop0: detected capacity change from 0 to 512 [ 51.088037][ T5190] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5192] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5192] <... clone3 resumed> => {parent_tid=[5193]}, 88) = 5193 [pid 5193] <... rseq resumed>) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] set_robust_list(0x7f4380f929a0, 24 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] <... set_robust_list resumed>) = 0 [pid 5192] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5192] <... futex resumed>) = 0 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5193] <... mmap resumed>) = 0x7f4378b72000 [pid 5192] <... mmap resumed>) = 0x7f4378b51000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5192] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5194 attached => {parent_tid=[5194]}, 88) = 5194 [pid 5194] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5194] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] <... write resumed>) = 262144 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] munmap(0x7f4378b72000, 262144 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5192] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... munmap resumed>) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5193] ioctl(5, LOOP_SET_FD, 3 [pid 5194] <... open resumed>) = 4 [pid 5193] <... ioctl resumed>) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file1", 0777 [pid 5194] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5193] <... mkdir resumed>) = 0 [pid 5194] fallocate(4, 0, 35143, 7 [pid 5193] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5194] <... fallocate resumed>) = 0 [pid 5194] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5192] <... futex resumed>) = 0 [pid 5194] <... mount resumed>) = 0 [pid 5192] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5192] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 3 [pid 5194] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5192] <... futex resumed>) = 1 [pid 5192] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... write resumed>) = 262144 [pid 5194] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5194] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5193] ioctl(5, LOOP_CLR_FD) = 0 [pid 5193] close(5) = 0 [pid 5193] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] exit_group(0 [pid 5194] <... futex resumed>) = ? [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 51.165563][ T5193] loop0: detected capacity change from 0 to 512 [ 51.183133][ T5193] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 51.202538][ T5193] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5197] chdir("./42") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5197] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5198 attached => {parent_tid=[5198]}, 88) = 5198 [pid 5198] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5198] set_robust_list(0x7f4380f929a0, 24 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... set_robust_list resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] memfd_create("syzkaller", 0 [pid 5197] <... futex resumed>) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5198] <... memfd_create resumed>) = 3 [pid 5197] <... mmap resumed>) = 0x7f4380f51000 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5197] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5199]}, 88) = 5199 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5199] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5199] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] fallocate(4, 0, 35143, 7 [pid 5198] <... write resumed>) = 262144 [pid 5198] munmap(0x7f4378b51000, 262144) = 0 [pid 5199] <... fallocate resumed>) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5199] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... openat resumed>) = 5 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5198] ioctl(5, LOOP_SET_FD, 3 [pid 5199] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5199] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5199] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5197] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... ioctl resumed>) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file1", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5199] <... write resumed>) = -1 EIO (Input/output error) [pid 5199] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... futex resumed>) = 0 [pid 5198] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5198] ioctl(5, LOOP_CLR_FD) = 0 [pid 5198] close(5) = 0 [pid 5198] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5197] <... exit_group resumed>) = ? [pid 5198] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5200 ./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5200] chdir("./43") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5200] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5200] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 51.273783][ T5198] loop0: detected capacity change from 0 to 512 [ 51.282262][ T5199] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 51.294967][ T5199] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 51.305556][ T5198] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5201 attached => {parent_tid=[5201]}, 88) = 5201 [pid 5201] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5201] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5200] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5202 attached [pid 5200] <... clone3 resumed> => {parent_tid=[5202]}, 88) = 5202 [pid 5202] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... rseq resumed>) = 0 [pid 5200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] set_robust_list(0x7f4380f719a0, 24 [pid 5200] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... set_robust_list resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5201] <... mmap resumed>) = 0x7f4378b51000 [pid 5202] <... open resumed>) = 4 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5202] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5202] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] <... futex resumed>) = 0 [pid 5202] fallocate(4, 0, 35143, 7 [pid 5200] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... write resumed>) = 262144 [pid 5201] munmap(0x7f4378b51000, 262144) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5201] ioctl(5, LOOP_SET_FD, 3 [pid 5202] <... fallocate resumed>) = 0 [pid 5201] <... ioctl resumed>) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file1", 0777 [pid 5202] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... mkdir resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5200] <... futex resumed>) = 0 [pid 5202] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5202] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5200] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5202] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5202] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... write resumed>) = 262144 [pid 5202] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5202] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5201] ioctl(5, LOOP_CLR_FD) = 0 [pid 5201] close(5) = 0 [pid 5201] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] exit_group(0) = ? [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] <... futex resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5203] chdir("./44") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5203 [pid 5203] <... futex resumed>) = 0 [pid 5203] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5203] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5204 attached [pid 5204] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5204] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5204] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... clone3 resumed> => {parent_tid=[5204]}, 88) = 5204 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5204] memfd_create("syzkaller", 0 [pid 5203] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... memfd_create resumed>) = 3 [pid 5203] <... futex resumed>) = 0 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 51.378957][ T5201] loop0: detected capacity change from 0 to 512 [ 51.397117][ T5201] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5204] <... mmap resumed>) = 0x7f4378b51000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5203] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5205 attached => {parent_tid=[5205]}, 88) = 5205 [pid 5205] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5204] <... write resumed>) = 262144 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] <... futex resumed>) = 0 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5204] munmap(0x7f4378b51000, 262144) = 0 [pid 5205] <... open resumed>) = 4 [pid 5205] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5205] fallocate(4, 0, 35143, 7 [pid 5203] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... openat resumed>) = 5 [pid 5204] ioctl(5, LOOP_SET_FD, 3 [pid 5205] <... fallocate resumed>) = 0 [pid 5204] <... ioctl resumed>) = 0 [pid 5205] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] close(3) = 0 [pid 5204] mkdir("./file1", 0777 [pid 5205] <... futex resumed>) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5204] <... mkdir resumed>) = 0 [pid 5204] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5205] <... mount resumed>) = 0 [pid 5205] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5203] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 3 [pid 5205] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5205] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... futex resumed>) = 0 [pid 5204] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5204] ioctl(5, LOOP_CLR_FD) = 0 [pid 5204] close(5) = 0 [pid 5204] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] exit_group(0) = ? [pid 5204] <... futex resumed>) = ? [pid 5205] <... futex resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5206] chdir("./45") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5206] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5206] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5207 attached [pid 5207] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5207] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... clone3 resumed> => {parent_tid=[5207]}, 88) = 5207 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5206] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5206] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] memfd_create("syzkaller", 0 [pid 5206] <... futex resumed>) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5206] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5207] <... memfd_create resumed>) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 51.468729][ T5204] loop0: detected capacity change from 0 to 512 [ 51.487983][ T5204] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5206] <... mprotect resumed>) = 0 [pid 5207] <... write resumed>) = 262144 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5207] munmap(0x7f4378b51000, 262144 [pid 5206] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5208 attached => {parent_tid=[5208]}, 88) = 5208 [pid 5208] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] set_robust_list(0x7f4380f719a0, 24 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5206] <... futex resumed>) = 0 [pid 5207] <... munmap resumed>) = 0 [pid 5206] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 4 [pid 5208] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5208] <... futex resumed>) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... openat resumed>) = 5 [pid 5208] fallocate(4, 0, 35143, 7 [pid 5207] ioctl(5, LOOP_SET_FD, 3 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... fallocate resumed>) = 0 [pid 5207] <... ioctl resumed>) = 0 [pid 5208] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] close(3 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... close resumed>) = 0 [pid 5206] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] mkdir("./file1", 0777 [pid 5206] <... futex resumed>) = 0 [pid 5208] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5206] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... mount resumed>) = 0 [pid 5208] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5208] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5206] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 3 [pid 5207] <... mkdir resumed>) = 0 [pid 5208] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5208] <... futex resumed>) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5207] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5207] ioctl(5, LOOP_CLR_FD) = 0 [pid 5207] close(5) = 0 [pid 5207] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] exit_group(0 [pid 5208] <... futex resumed>) = ? [pid 5207] <... futex resumed>) = ? [pid 5206] <... exit_group resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5209] chdir("./46") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5209 [pid 5209] <... openat resumed>) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5209] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5210 attached => {parent_tid=[5210]}, 88) = 5210 [pid 5210] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] <... rseq resumed>) = 0 [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] set_robust_list(0x7f4380f929a0, 24 [pid 5209] <... futex resumed>) = 0 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] <... futex resumed>) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] memfd_create("syzkaller", 0 [ 51.554670][ T5207] loop0: detected capacity change from 0 to 512 [ 51.576934][ T5207] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5210] <... memfd_create resumed>) = 3 [pid 5209] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5209] <... mprotect resumed>) = 0 [pid 5210] <... mmap resumed>) = 0x7f4378b51000 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5209] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5211]}, 88) = 5211 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5211 attached [pid 5209] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5211] set_robust_list(0x7f4380f719a0, 24 [pid 5209] <... futex resumed>) = 0 [pid 5211] <... set_robust_list resumed>) = 0 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5210] <... write resumed>) = 262144 [pid 5210] munmap(0x7f4378b51000, 262144) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5211] <... open resumed>) = 4 [pid 5210] <... openat resumed>) = 5 [pid 5211] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] ioctl(5, LOOP_SET_FD, 3 [pid 5211] fallocate(4, 0, 35143, 7 [pid 5210] <... ioctl resumed>) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file1", 0777 [pid 5211] <... fallocate resumed>) = 0 [pid 5210] <... mkdir resumed>) = 0 [pid 5210] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5211] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5211] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5211] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5211] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5211] <... futex resumed>) = 1 [pid 5209] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... write resumed>) = 262144 [pid 5211] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5211] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5210] ioctl(5, LOOP_CLR_FD) = 0 [pid 5210] close(5) = 0 [pid 5210] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] exit_group(0 [pid 5211] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5212] chdir("./47") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5212] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5213 attached [pid 5213] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5212] <... clone3 resumed> => {parent_tid=[5213]}, 88) = 5213 [pid 5213] <... rseq resumed>) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5213] set_robust_list(0x7f4380f929a0, 24 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5213] <... set_robust_list resumed>) = 0 [pid 5212] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... futex resumed>) = 0 [pid 5213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] memfd_create("syzkaller", 0 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... memfd_create resumed>) = 3 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5212] <... mmap resumed>) = 0x7f4380f51000 [pid 5213] <... mmap resumed>) = 0x7f4378b51000 [pid 5212] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5212] <... mprotect resumed>) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5214]}, 88) = 5214 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.647578][ T5210] loop0: detected capacity change from 0 to 512 [ 51.677039][ T5210] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5212] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5214 attached [pid 5213] <... write resumed>) = 262144 [pid 5213] munmap(0x7f4378b51000, 262144) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3 [pid 5214] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5213] <... ioctl resumed>) = 0 [pid 5214] <... rseq resumed>) = 0 [pid 5213] close(3 [pid 5214] set_robust_list(0x7f4380f719a0, 24 [pid 5213] <... close resumed>) = 0 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5213] mkdir("./file1", 0777 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5213] <... mkdir resumed>) = 0 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5214] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5214] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] fallocate(3, 0, 35143, 7) = 0 [pid 5214] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5214] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5212] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... mount resumed>) = 0 [pid 5214] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... open resumed>) = 5 [pid 5214] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... write resumed>) = 262144 [pid 5214] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... futex resumed>) = 0 [pid 5213] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0) = ? [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5215] chdir("./48") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5215] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 51.730912][ T5213] loop0: detected capacity change from 0 to 512 [ 51.757176][ T5213] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5216 attached => {parent_tid=[5216]}, 88) = 5216 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5215] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... rseq resumed>) = 0 [pid 5216] set_robust_list(0x7f4380f929a0, 24 [pid 5215] <... futex resumed>) = 0 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5215] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] memfd_create("syzkaller", 0 [pid 5215] <... mmap resumed>) = 0x7f4380f51000 [pid 5215] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5216] <... memfd_create resumed>) = 3 [pid 5215] <... mprotect resumed>) = 0 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5217 attached [pid 5216] <... write resumed>) = 262144 [pid 5217] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5216] munmap(0x7f4378b51000, 262144 [pid 5215] <... clone3 resumed> => {parent_tid=[5217]}, 88) = 5217 [pid 5217] set_robust_list(0x7f4380f719a0, 24 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5215] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... futex resumed>) = 0 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5216] <... munmap resumed>) = 0 [pid 5215] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... open resumed>) = 4 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5216] ioctl(5, LOOP_SET_FD, 3 [pid 5217] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] fallocate(4, 0, 35143, 7 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... ioctl resumed>) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5217] <... fallocate resumed>) = 0 [pid 5217] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] <... futex resumed>) = 0 [pid 5217] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5215] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... mount resumed>) = 0 [pid 5217] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5215] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... open resumed>) = 3 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5215] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.828209][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 51.828223][ T28] audit: type=1800 audit(1694162019.969:50): pid=5217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 51.828718][ T5216] loop0: detected capacity change from 0 to 512 [pid 5215] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... write resumed>) = 262144 [pid 5217] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5217] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5216] ioctl(5, LOOP_CLR_FD) = 0 [pid 5216] close(5) = 0 [pid 5216] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] exit_group(0 [pid 5217] <... futex resumed>) = ? [pid 5216] <... futex resumed>) = ? [pid 5215] <... exit_group resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5218] chdir("./49") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5218] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5219 attached => {parent_tid=[5219]}, 88) = 5219 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5219] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5218] <... mmap resumed>) = 0x7f4380f51000 [pid 5219] <... rseq resumed>) = 0 [pid 5219] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [ 51.869066][ T5216] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 51.879296][ T5216] EXT4-fs (loop0): group descriptors corrupted! [pid 5218] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] <... mprotect resumed>) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5220 attached => {parent_tid=[5220]}, 88) = 5220 [pid 5220] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5219] memfd_create("syzkaller", 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... rseq resumed>) = 0 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] set_robust_list(0x7f4380f719a0, 24 [pid 5218] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5218] <... futex resumed>) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... memfd_create resumed>) = 3 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5220] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5219] <... mmap resumed>) = 0x7f4378b51000 [pid 5220] <... open resumed>) = 4 [pid 5220] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5220] fallocate(4, 0, 35143, 7 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5219] munmap(0x7f4378b51000, 262144) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5219] ioctl(5, LOOP_SET_FD, 3 [pid 5220] <... fallocate resumed>) = 0 [pid 5220] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = 0 [pid 5219] <... ioctl resumed>) = 0 [pid 5218] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5219] close(3 [pid 5218] <... futex resumed>) = 1 [pid 5220] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5219] <... close resumed>) = 0 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] mkdir("./file1", 0777 [pid 5218] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5218] <... futex resumed>) = 0 [pid 5220] <... open resumed>) = 3 [pid 5220] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5220] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5218] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... mkdir resumed>) = 0 [pid 5219] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5220] <... write resumed>) = 262144 [pid 5220] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = 0 [pid 5219] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5219] ioctl(5, LOOP_CLR_FD) = 0 [pid 5219] close(5) = 0 [pid 5219] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached , child_tidptr=0x555556e0f690) = 5221 [pid 5221] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5221] chdir("./50") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [ 51.941468][ T28] audit: type=1800 audit(1694162020.079:51): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 51.947619][ T5219] loop0: detected capacity change from 0 to 512 [ 51.978267][ T5219] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5221] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5222]}, 88) = 5222 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5222 attached NULL, 8) = 0 [pid 5222] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5221] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5222] memfd_create("syzkaller", 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5221] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] <... memfd_create resumed>) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5223]}, 88) = 5223 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5221] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5223] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5222] <... write resumed>) = 262144 [pid 5222] munmap(0x7f4378b51000, 262144 [pid 5223] <... open resumed>) = 4 [pid 5223] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... munmap resumed>) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5223] fallocate(4, 0, 35143, 7 [pid 5221] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5222] ioctl(5, LOOP_SET_FD, 3 [pid 5223] <... fallocate resumed>) = 0 [pid 5223] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5223] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 1 [pid 5221] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5223] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5222] <... ioctl resumed>) = 0 [pid 5221] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] close(3) = 0 [ 52.041036][ T28] audit: type=1800 audit(1694162020.179:52): pid=5223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.048801][ T5222] loop0: detected capacity change from 0 to 512 [ 52.073349][ T5223] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5222] mkdir("./file1", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5223] <... write resumed>) = -1 EIO (Input/output error) [pid 5223] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5223] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5222] ioctl(5, LOOP_CLR_FD) = 0 [pid 5222] close(5) = 0 [pid 5222] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] exit_group(0 [pid 5223] <... futex resumed>) = ? [pid 5222] <... futex resumed>) = ? [pid 5221] <... exit_group resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5224] chdir("./51") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5224] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5225]}, 88) = 5225 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5225 attached ) = 0 [pid 5225] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5224] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... rseq resumed>) = 0 [pid 5225] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5224] <... futex resumed>) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5225] memfd_create("syzkaller", 0 [pid 5224] <... mmap resumed>) = 0x7f4380f51000 [pid 5225] <... memfd_create resumed>) = 3 [ 52.083073][ T5223] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 52.096644][ T5222] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5224] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5224] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5225] <... mmap resumed>) = 0x7f4378b51000 [pid 5226] <... rseq resumed>) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] set_robust_list(0x7f4380f719a0, 24 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5224] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] <... futex resumed>) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5224] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5226] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5224] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] fallocate(4, 0, 35143, 7 [pid 5224] <... futex resumed>) = 0 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5224] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... write resumed>) = 262144 [pid 5225] munmap(0x7f4378b51000, 262144) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5225] ioctl(5, LOOP_SET_FD, 3 [pid 5226] <... fallocate resumed>) = 0 [pid 5226] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5226] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5226] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5224] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... mount resumed>) = 0 [pid 5226] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5226] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5226] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5224] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... open resumed>) = 6 [pid 5226] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5226] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5226] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5224] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... ioctl resumed>) = 0 [pid 5225] close(3) = 0 [pid 5225] mkdir("./file1", 0777) = 0 [ 52.155557][ T28] audit: type=1800 audit(1694162020.289:53): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.169486][ T5225] loop0: detected capacity change from 0 to 512 [ 52.182770][ T5226] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 52.182794][ T5226] Buffer I/O error on dev loop0, logical block 31, lost async page write [pid 5225] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5226] <... write resumed>) = -1 EIO (Input/output error) [pid 5226] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5225] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5225] ioctl(5, LOOP_CLR_FD) = 0 [pid 5225] close(5) = 0 [pid 5225] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] exit_group(0) = ? [pid 5226] <... futex resumed>) = ? [pid 5225] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555556e0f690) = 5227 [pid 5227] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5227] chdir("./52") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 52.182814][ T5226] I/O error, dev loop0, sector 240 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 52.182834][ T5226] Buffer I/O error on dev loop0, logical block 30, lost async page write [ 52.182851][ T5226] I/O error, dev loop0, sector 232 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 52.228855][ T5226] Buffer I/O error on dev loop0, logical block 29, lost async page write [ 52.239335][ T5225] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5227] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5228 attached [pid 5228] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5228] set_robust_list(0x7f4380f929a0, 24 [pid 5227] <... clone3 resumed> => {parent_tid=[5228]}, 88) = 5228 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5227] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] memfd_create("syzkaller", 0 [pid 5227] <... futex resumed>) = 0 [pid 5228] <... memfd_create resumed>) = 3 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5228] <... mmap resumed>) = 0x7f4378b72000 [pid 5227] <... mmap resumed>) = 0x7f4378b51000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5227] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 5228] <... write resumed>) = 262144 [pid 5228] munmap(0x7f4378b72000, 262144) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5229 attached [pid 5227] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... rseq resumed>) = 0 [pid 5228] <... ioctl resumed>) = 0 [pid 5228] close(3 [pid 5229] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5228] <... close resumed>) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] mkdir("./file1", 0777 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5228] <... mkdir resumed>) = 0 [pid 5228] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5229] <... open resumed>) = 3 [pid 5229] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.306375][ T5228] loop0: detected capacity change from 0 to 512 [ 52.317470][ T28] audit: type=1800 audit(1694162020.449:54): pid=5229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1931 res=0 errno=0 [ 52.349889][ T5228] EXT4-fs (loop0): 1 orphan inode deleted [pid 5229] fallocate(3, 0, 35143, 7) = 0 [pid 5229] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5229] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5229] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5228] <... mount resumed>) = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5228] chdir("./file1") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD [pid 5229] <... write resumed>) = 262144 [pid 5228] <... ioctl resumed>) = 0 [pid 5229] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5229] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] close(4) = 0 [pid 5228] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] exit_group(0) = ? [pid 5229] <... futex resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 52.355633][ T5228] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.368291][ T5228] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/52/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5232] chdir("./53") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5232] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5233 attached => {parent_tid=[5233]}, 88) = 5233 [pid 5233] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] set_robust_list(0x7f4380f929a0, 24 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] <... set_robust_list resumed>) = 0 [pid 5232] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] memfd_create("syzkaller", 0 [pid 5232] <... mmap resumed>) = 0x7f4380f51000 [ 52.412970][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.437912][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 52.447842][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5233] <... memfd_create resumed>) = 3 [pid 5232] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5232] <... mprotect resumed>) = 0 [pid 5233] <... mmap resumed>) = 0x7f4378b51000 [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5234]}, 88) = 5234 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5234 attached [pid 5232] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5234] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 4 [pid 5234] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... write resumed>) = 262144 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] fallocate(4, 0, 35143, 7 [pid 5233] munmap(0x7f4378b51000, 262144 [pid 5232] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... munmap resumed>) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5233] ioctl(5, LOOP_SET_FD, 3 [pid 5234] <... fallocate resumed>) = 0 [pid 5234] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... ioctl resumed>) = 0 [pid 5234] <... futex resumed>) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] close(3 [pid 5232] <... futex resumed>) = 0 [pid 5234] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5232] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... close resumed>) = 0 [pid 5233] mkdir("./file1", 0777 [pid 5234] <... mount resumed>) = 0 [pid 5233] <... mkdir resumed>) = 0 [pid 5233] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5234] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5234] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5232] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 3 [pid 5234] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5234] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5232] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... write resumed>) = 262144 [pid 5234] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [ 52.500178][ T28] audit: type=1800 audit(1694162020.639:55): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.523427][ T5233] loop0: detected capacity change from 0 to 512 [pid 5233] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5233] ioctl(5, LOOP_CLR_FD) = 0 [pid 5233] close(5) = 0 [pid 5233] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] <... futex resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] <... exit_group resumed>) = ? [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.537955][ T5233] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 52.544659][ T5235] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 52.551740][ T5233] EXT4-fs (loop0): get root inode failed [ 52.568262][ T5233] EXT4-fs (loop0): mount failed close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5237] chdir("./54") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5237] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5238]}, 88) = 5238 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5237] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5237] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5238 attached ./strace-static-x86_64: Process 5239 attached [pid 5238] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5237] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5238] <... rseq resumed>) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... rseq resumed>) = 0 [pid 5238] set_robust_list(0x7f4380f929a0, 24 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5239] set_robust_list(0x7f4380f719a0, 24 [pid 5237] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... set_robust_list resumed>) = 0 [pid 5237] <... futex resumed>) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] memfd_create("syzkaller", 0 [pid 5239] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5238] <... memfd_create resumed>) = 3 [pid 5239] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5239] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... mmap resumed>) = 0x7f4378b51000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5238] munmap(0x7f4378b51000, 262144) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5238] ioctl(5, LOOP_SET_FD, 3 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5237] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] fallocate(4, 0, 35143, 7 [pid 5238] <... ioctl resumed>) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file1", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5239] <... fallocate resumed>) = 0 [pid 5239] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5239] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5239] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5237] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... mount resumed>) = 0 [pid 5239] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5237] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5239] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5239] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5237] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... write resumed>) = 262144 [pid 5239] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5238] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5238] ioctl(5, LOOP_CLR_FD) = 0 [pid 5238] close(5) = 0 [pid 5238] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] exit_group(0 [pid 5239] <... futex resumed>) = ? [pid 5238] <... futex resumed>) = ? [pid 5237] <... exit_group resumed>) = ? [ 52.631782][ T28] audit: type=1800 audit(1694162020.769:56): pid=5239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.640683][ T5238] loop0: detected capacity change from 0 to 512 [ 52.669782][ T5238] EXT4-fs (loop0): failed to initialize system zone (-117) [ 52.677178][ T5238] EXT4-fs (loop0): mount failed [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached , child_tidptr=0x555556e0f690) = 5242 [pid 5242] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5242] chdir("./55") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5242] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5243 attached [pid 5243] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5243] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... clone3 resumed> => {parent_tid=[5243]}, 88) = 5243 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5242] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5242] <... futex resumed>) = 0 [pid 5243] <... mmap resumed>) = 0x7f4378b72000 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5242] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5244]}, 88) = 5244 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5244 attached [pid 5244] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5244] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5243] <... write resumed>) = 262144 [pid 5244] <... open resumed>) = 4 [pid 5244] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5242] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] fallocate(4, 0, 35143, 7 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] munmap(0x7f4378b72000, 262144) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5243] ioctl(5, LOOP_SET_FD, 3 [pid 5244] <... fallocate resumed>) = 0 [pid 5243] <... ioctl resumed>) = 0 [pid 5244] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] close(3 [pid 5244] <... futex resumed>) = 1 [pid 5243] <... close resumed>) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5244] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] mkdir("./file1", 0777 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5243] <... mkdir resumed>) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5244] <... mount resumed>) = 0 [pid 5243] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5242] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] <... futex resumed>) = 0 [pid 5244] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5242] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... open resumed>) = 3 [pid 5244] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5244] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5244] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5242] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... write resumed>) = 262144 [pid 5244] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5244] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5243] ioctl(5, LOOP_CLR_FD) = 0 [pid 5243] close(5) = 0 [pid 5243] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] exit_group(0 [pid 5244] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5242] <... exit_group resumed>) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached , child_tidptr=0x555556e0f690) = 5245 [pid 5245] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5245] chdir("./56") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 52.740550][ T28] audit: type=1800 audit(1694162020.879:57): pid=5244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.745515][ T5243] loop0: detected capacity change from 0 to 512 [ 52.774346][ T5243] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5245] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5246 attached [pid 5246] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5245] <... clone3 resumed> => {parent_tid=[5246]}, 88) = 5246 [pid 5246] <... rseq resumed>) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] memfd_create("syzkaller", 0 [pid 5245] <... futex resumed>) = 0 [pid 5246] <... memfd_create resumed>) = 3 [pid 5245] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5245] <... futex resumed>) = 0 [pid 5246] <... mmap resumed>) = 0x7f4378b72000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5245] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5247 attached => {parent_tid=[5247]}, 88) = 5247 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] <... rseq resumed>) = 0 [pid 5247] set_robust_list(0x7f4378b719a0, 24 [pid 5245] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... set_robust_list resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5245] <... futex resumed>) = 0 [pid 5246] <... write resumed>) = 262144 [pid 5245] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] munmap(0x7f4378b72000, 262144) = 0 [pid 5247] <... open resumed>) = 4 [pid 5247] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5246] ioctl(5, LOOP_SET_FD, 3 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... ioctl resumed>) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5247] fallocate(4, 0, 35143, 7 [pid 5246] close(3 [pid 5245] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... close resumed>) = 0 [pid 5246] mkdir("./file1", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5247] <... fallocate resumed>) = 0 [pid 5247] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5245] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5247] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5247] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5247] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5245] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... open resumed>) = 3 [pid 5247] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5247] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... write resumed>) = 262144 [ 52.839617][ T28] audit: type=1800 audit(1694162020.979:58): pid=5247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.840506][ T5246] loop0: detected capacity change from 0 to 512 [ 52.878239][ T5248] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5247] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5247] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5246] ioctl(5, LOOP_CLR_FD) = 0 [pid 5246] close(5) = 0 [pid 5246] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] exit_group(0 [pid 5247] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5250] chdir("./57") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 52.882131][ T5246] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 52.903225][ T5246] EXT4-fs (loop0): get root inode failed [ 52.909246][ T5246] EXT4-fs (loop0): mount failed [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5250] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5251 attached [pid 5251] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5250] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] <... rseq resumed>) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] set_robust_list(0x7f4380f929a0, 24 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... futex resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] memfd_create("syzkaller", 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... memfd_create resumed>) = 3 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5250] <... mmap resumed>) = 0x7f4380f51000 [pid 5251] <... mmap resumed>) = 0x7f4378b51000 [pid 5250] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5250] <... mprotect resumed>) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5252 attached [pid 5252] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5250] <... clone3 resumed> => {parent_tid=[5252]}, 88) = 5252 [pid 5252] <... rseq resumed>) = 0 [pid 5252] set_robust_list(0x7f4380f719a0, 24 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... set_robust_list resumed>) = 0 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5251] <... write resumed>) = 262144 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] munmap(0x7f4378b51000, 262144 [pid 5252] <... open resumed>) = 4 [pid 5251] <... munmap resumed>) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5251] ioctl(5, LOOP_SET_FD, 3 [pid 5252] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... ioctl resumed>) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] close(3 [pid 5250] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... close resumed>) = 0 [pid 5252] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5252] fallocate(4, 0, 35143, 7 [pid 5251] mkdir("./file1", 0777 [pid 5250] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... mkdir resumed>) = 0 [pid 5251] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5252] <... fallocate resumed>) = 0 [pid 5252] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5252] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] <... futex resumed>) = 0 [pid 5252] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5250] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... mount resumed>) = 0 [pid 5252] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5252] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] <... futex resumed>) = 0 [pid 5252] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5250] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... open resumed>) = 3 [pid 5252] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5252] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... write resumed>) = 262144 [pid 5252] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... futex resumed>) = 0 [ 52.969207][ T28] audit: type=1800 audit(1694162021.109:59): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.971441][ T5251] loop0: detected capacity change from 0 to 512 [ 53.008256][ T5253] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5251] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5251] ioctl(5, LOOP_CLR_FD) = 0 [pid 5251] close(5) = 0 [pid 5251] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached , child_tidptr=0x555556e0f690) = 5255 [pid 5255] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5255] chdir("./58") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5255] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5255] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5256] set_robust_list(0x7f4380f929a0, 24 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] <... set_robust_list resumed>) = 0 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] memfd_create("syzkaller", 0 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5256] <... memfd_create resumed>) = 3 [pid 5255] <... mmap resumed>) = 0x7f4380f51000 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5255] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5255] <... mprotect resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5257]}, 88) = 5257 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] <... write resumed>) = 262144 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5257] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] fallocate(4, 0, 35143, 7 [pid 5255] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] munmap(0x7f4378b51000, 262144) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 53.014442][ T5251] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 53.033583][ T5251] EXT4-fs (loop0): get root inode failed [ 53.039460][ T5251] EXT4-fs (loop0): mount failed [pid 5256] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file1", 0777 [pid 5257] <... fallocate resumed>) = 0 [pid 5257] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5257] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5257] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5255] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... mkdir resumed>) = 0 [pid 5256] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 5256] ioctl(5, LOOP_CLR_FD) = 0 [pid 5256] close(5) = 0 [pid 5256] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... write resumed>) = 262144 [pid 5257] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] exit_group(0) = ? [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5257] <... futex resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached , child_tidptr=0x555556e0f690) = 5258 [pid 5258] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5258] chdir("./59") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5258] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5258] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] <... rseq resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] set_robust_list(0x7f4380f929a0, 24 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] <... set_robust_list resumed>) = 0 [pid 5258] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] <... futex resumed>) = 0 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] memfd_create("syzkaller", 0 [pid 5258] <... futex resumed>) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5259] <... memfd_create resumed>) = 3 [pid 5258] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5260]}, 88) = 5260 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5260 attached [pid 5259] <... write resumed>) = 262144 [pid 5259] munmap(0x7f4378b51000, 262144) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3 [pid 5260] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5260] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5260] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5260] fallocate(5, 0, 35143, 7 [ 53.079790][ T5256] loop0: detected capacity change from 0 to 512 [ 53.099185][ T5256] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5258] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... ioctl resumed>) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./file1", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5260] <... fallocate resumed>) = 0 [pid 5260] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5260] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5260] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5260] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] exit_group(0) = ? [pid 5260] <... futex resumed>) = ? [pid 5259] <... futex resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x555556e0f690) = 5261 [pid 5261] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5261] chdir("./60") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5261] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5261] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] <... rseq resumed>) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] set_robust_list(0x7f4380f929a0, 24 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... set_robust_list resumed>) = 0 [pid 5261] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... futex resumed>) = 0 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] memfd_create("syzkaller", 0 [pid 5261] <... futex resumed>) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5262] <... memfd_create resumed>) = 3 [pid 5261] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5261] <... mprotect resumed>) = 0 [pid 5262] <... mmap resumed>) = 0x7f4378b51000 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5261] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5263]}, 88) = 5263 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5261] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5263 attached [pid 5263] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5263] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5263] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... write resumed>) = 262144 [pid 5263] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] fallocate(4, 0, 35143, 7 [pid 5262] munmap(0x7f4378b51000, 262144) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 53.138228][ T5259] loop0: detected capacity change from 0 to 512 [ 53.157752][ T5259] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5262] ioctl(5, LOOP_SET_FD, 3 [pid 5263] <... fallocate resumed>) = 0 [pid 5263] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5263] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5263] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5262] <... ioctl resumed>) = 0 [pid 5262] close(3) = 0 [pid 5262] mkdir("./file1", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5263] <... write resumed>) = 262144 [pid 5263] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5262] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5262] ioctl(5, LOOP_CLR_FD) = 0 [pid 5262] close(5) = 0 [pid 5262] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0) = ? [pid 5262] <... futex resumed>) = ? [pid 5263] <... futex resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x555556e0f690) = 5264 [pid 5264] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5264] chdir("./61") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5264] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5265 attached => {parent_tid=[5265]}, 88) = 5265 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5264] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5266 attached [pid 5265] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5266] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5265] <... rseq resumed>) = 0 [pid 5264] <... clone3 resumed> => {parent_tid=[5266]}, 88) = 5266 [pid 5266] <... rseq resumed>) = 0 [pid 5265] set_robust_list(0x7f4380f929a0, 24 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] set_robust_list(0x7f4380f719a0, 24 [pid 5265] <... set_robust_list resumed>) = 0 [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] <... set_robust_list resumed>) = 0 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] memfd_create("syzkaller", 0 [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] <... memfd_create resumed>) = 3 [pid 5266] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5266] <... open resumed>) = 4 [pid 5266] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5266] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... futex resumed>) = 0 [pid 5266] fallocate(4, 0, 35143, 7 [pid 5265] <... write resumed>) = 262144 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] munmap(0x7f4378b51000, 262144) = 0 [ 53.203275][ T5262] loop0: detected capacity change from 0 to 512 [ 53.222364][ T5262] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5265] ioctl(5, LOOP_SET_FD, 3 [pid 5266] <... fallocate resumed>) = 0 [pid 5266] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5264] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5264] <... futex resumed>) = 0 [pid 5266] <... mount resumed>) = 0 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5266] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5264] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... ioctl resumed>) = 0 [pid 5265] close(3) = 0 [pid 5265] mkdir("./file1", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5266] <... write resumed>) = -1 EIO (Input/output error) [pid 5266] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... futex resumed>) = 0 [pid 5265] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5265] ioctl(5, LOOP_CLR_FD) = 0 [pid 5265] close(5) = 0 [pid 5265] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5264] <... exit_group resumed>) = ? [pid 5266] <... futex resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 53.277720][ T5265] loop0: detected capacity change from 0 to 512 [ 53.283406][ T5266] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 53.294197][ T5266] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 53.305586][ T5265] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5267 ./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5267] chdir("./62") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5267] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5268 attached => {parent_tid=[5268]}, 88) = 5268 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5267] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5268] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5268] set_robust_list(0x7f4380f929a0, 24 [pid 5267] <... mprotect resumed>) = 0 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5268] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] <... clone3 resumed> => {parent_tid=[5269]}, 88) = 5269 [pid 5269] set_robust_list(0x7f4380f719a0, 24 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] <... set_robust_list resumed>) = 0 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5267] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... open resumed>) = 3 [pid 5268] memfd_create("syzkaller", 0 [pid 5269] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... memfd_create resumed>) = 4 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 1 [pid 5269] fallocate(3, 0, 35143, 7 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... mmap resumed>) = 0x7f4378b51000 [pid 5268] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5269] <... fallocate resumed>) = 0 [pid 5268] <... write resumed>) = 262144 [pid 5268] munmap(0x7f4378b51000, 262144 [pid 5269] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... munmap resumed>) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5269] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5267] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... futex resumed>) = 0 [pid 5269] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5267] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... mount resumed>) = 0 [pid 5268] <... openat resumed>) = 5 [pid 5268] ioctl(5, LOOP_SET_FD, 4 [pid 5269] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5267] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... ioctl resumed>) = 0 [pid 5269] <... open resumed>) = 6 [pid 5268] close(4 [pid 5269] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5268] <... close resumed>) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] mkdir("./file1", 0777) = 0 [pid 5268] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5269] <... write resumed>) = 262144 [pid 5269] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5268] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5268] ioctl(5, LOOP_CLR_FD) = 0 [pid 5268] close(5) = 0 [pid 5268] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] exit_group(0 [pid 5269] <... futex resumed>) = ? [pid 5267] <... exit_group resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5268] <... futex resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5270 attached , child_tidptr=0x555556e0f690) = 5270 [pid 5270] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5270] chdir("./63") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5270] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5271 attached [pid 5271] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5270] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] <... rseq resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] set_robust_list(0x7f4380f929a0, 24 [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5270] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] <... futex resumed>) = 0 [pid 5271] memfd_create("syzkaller", 0 [pid 5270] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5271] <... memfd_create resumed>) = 3 [pid 5270] <... mmap resumed>) = 0x7f4380f51000 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5270] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5270] <... mprotect resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5272]}, 88) = 5272 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5272 attached [pid 5271] <... write resumed>) = 262144 [pid 5271] munmap(0x7f4378b51000, 262144 [pid 5272] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5271] <... munmap resumed>) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.389736][ T5268] loop0: detected capacity change from 0 to 512 [ 53.403776][ T5268] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5271] ioctl(4, LOOP_SET_FD, 3 [pid 5272] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] <... ioctl resumed>) = 0 [pid 5272] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5271] close(3 [pid 5272] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... close resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5271] mkdir("./file1", 0777 [pid 5270] <... futex resumed>) = 0 [pid 5272] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5271] <... mkdir resumed>) = 0 [pid 5270] <... futex resumed>) = 0 [pid 5272] fallocate(5, 0, 35143, 7 [pid 5271] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5270] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... fallocate resumed>) = 0 [pid 5272] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5272] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5272] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5270] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... mount resumed>) = 0 [pid 5272] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5272] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5272] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... futex resumed>) = 0 [ 53.442390][ T5271] loop0: detected capacity change from 0 to 512 [ 53.468693][ T5273] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5271] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5271] ioctl(4, LOOP_CLR_FD) = 0 [pid 5271] close(4) = 0 [pid 5271] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5271] <... futex resumed>) = ? [pid 5270] <... exit_group resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5275] chdir("./64") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5275] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [ 53.477065][ T5271] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 53.493637][ T5271] EXT4-fs (loop0): get root inode failed [ 53.499316][ T5271] EXT4-fs (loop0): mount failed [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5276] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... rseq resumed>) = 0 [pid 5276] set_robust_list(0x7f4380f929a0, 24 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5275] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5275] <... futex resumed>) = 0 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] memfd_create("syzkaller", 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5276] <... memfd_create resumed>) = 3 [pid 5275] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5275] <... mprotect resumed>) = 0 [pid 5276] <... mmap resumed>) = 0x7f4378b51000 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5277 attached => {parent_tid=[5277]}, 88) = 5277 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5277] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5277] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] fallocate(4, 0, 35143, 7 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... write resumed>) = 262144 [pid 5276] munmap(0x7f4378b51000, 262144) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5276] ioctl(5, LOOP_SET_FD, 3 [pid 5277] <... fallocate resumed>) = 0 [pid 5277] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5275] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... mount resumed>) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5277] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5276] <... ioctl resumed>) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file1", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5277] <... write resumed>) = -1 EIO (Input/output error) [pid 5277] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5276] ioctl(5, LOOP_CLR_FD) = 0 [pid 5276] close(5) = 0 [pid 5276] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] exit_group(0 [pid 5276] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555556e0f690) = 5278 [pid 5278] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5278] chdir("./65") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5278] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5279 attached [pid 5279] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5279] set_robust_list(0x7f4380f929a0, 24 [pid 5278] <... clone3 resumed> => {parent_tid=[5279]}, 88) = 5279 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] memfd_create("syzkaller", 0 [pid 5278] <... futex resumed>) = 0 [pid 5279] <... memfd_create resumed>) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5278] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5278] <... futex resumed>) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5279] <... write resumed>) = 262144 [pid 5278] <... mmap resumed>) = 0x7f4378b51000 [ 53.565914][ T5276] loop0: detected capacity change from 0 to 512 [ 53.573179][ T5277] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 53.583082][ T5277] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 53.594464][ T5276] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5279] munmap(0x7f4378b72000, 262144 [pid 5278] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5280 attached => {parent_tid=[5280]}, 88) = 5280 [pid 5280] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] <... rseq resumed>) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] set_robust_list(0x7f4378b719a0, 24 [pid 5278] <... futex resumed>) = 0 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5279] <... munmap resumed>) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5279] ioctl(5, LOOP_SET_FD, 3 [pid 5280] <... open resumed>) = 4 [pid 5280] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] fallocate(4, 0, 35143, 7 [pid 5279] <... ioctl resumed>) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file1", 0777 [pid 5280] <... fallocate resumed>) = 0 [pid 5280] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... mkdir resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5279] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5278] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5280] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5278] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... mount resumed>) = 0 [pid 5280] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5280] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5278] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... open resumed>) = 3 [pid 5280] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5280] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5278] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... write resumed>) = 262144 [pid 5280] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5279] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5279] ioctl(5, LOOP_CLR_FD) = 0 [pid 5279] close(5) = 0 [pid 5279] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0 [pid 5280] <... futex resumed>) = ? [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5278] <... exit_group resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5281] chdir("./66") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5281] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5282 attached => {parent_tid=[5282]}, 88) = 5282 [pid 5282] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] <... rseq resumed>) = 0 [pid 5282] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... mmap resumed>) = 0x7f4378b72000 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5281] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 53.650243][ T5279] loop0: detected capacity change from 0 to 512 [ 53.662602][ T5279] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 53.673908][ T5279] EXT4-fs (loop0): group descriptors corrupted! [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5283]}, 88) = 5283 ./strace-static-x86_64: Process 5283 attached [pid 5283] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] set_robust_list(0x7f4378b719a0, 24 [pid 5282] <... write resumed>) = 262144 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] <... set_robust_list resumed>) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] munmap(0x7f4378b72000, 262144 [pid 5281] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5283] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5281] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... munmap resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5281] <... futex resumed>) = 0 [pid 5283] fallocate(4, 0, 35143, 7 [pid 5282] <... openat resumed>) = 5 [pid 5282] ioctl(5, LOOP_SET_FD, 3 [pid 5281] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... fallocate resumed>) = 0 [pid 5282] <... ioctl resumed>) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file1", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5283] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5283] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5281] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... mount resumed>) = 0 [pid 5283] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5283] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... write resumed>) = 262144 [pid 5283] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5282] ioctl(5, LOOP_CLR_FD) = 0 [pid 5282] close(5) = 0 [pid 5282] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] exit_group(0 [pid 5282] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5281] <... exit_group resumed>) = ? [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x555556e0f690) = 5284 [pid 5284] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5284] chdir("./67") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5284] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5285]}, 88) = 5285 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5284] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5286 attached [pid 5286] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5284] <... clone3 resumed> => {parent_tid=[5286]}, 88) = 5286 [pid 5286] <... rseq resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] set_robust_list(0x7f4380f719a0, 24./strace-static-x86_64: Process 5285 attached ) = 0 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] <... futex resumed>) = 0 [pid 5286] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... open resumed>) = 3 [pid 5286] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5286] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] fallocate(3, 0, 35143, 7 [pid 5284] <... futex resumed>) = 0 [pid 5285] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... rseq resumed>) = 0 [pid 5285] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 53.740739][ T5282] loop0: detected capacity change from 0 to 512 [ 53.767043][ T5282] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5285] memfd_create("syzkaller", 0) = 4 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5285] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5286] <... fallocate resumed>) = 0 [pid 5286] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5286] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] <... futex resumed>) = 0 [pid 5284] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5284] <... futex resumed>) = 0 [pid 5286] <... open resumed>) = 5 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... write resumed>) = 262144 [pid 5286] <... futex resumed>) = 1 [pid 5286] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] munmap(0x7f4378b51000, 262144 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5286] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5284] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5286] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... munmap resumed>) = 0 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5285] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5285] close(4) = 0 [pid 5285] mkdir("./file1", 0777) = 0 [ 53.830698][ T5285] loop0: detected capacity change from 0 to 512 [ 53.850385][ T5285] EXT4-fs (loop0): 1 orphan inode deleted [ 53.856321][ T5285] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5285] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5285] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5285] chdir("./file1") = 0 [pid 5285] ioctl(6, LOOP_CLR_FD) = 0 [pid 5285] close(6) = 0 [pid 5285] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] exit_group(0 [pid 5285] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... exit_group resumed>) = ? [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5286] <... futex resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 53.868973][ T5285] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/67/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached , child_tidptr=0x555556e0f690) = 5290 [pid 5290] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5290] chdir("./68") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5290] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5291 attached [pid 5291] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5290] <... clone3 resumed> => {parent_tid=[5291]}, 88) = 5291 [pid 5291] <... rseq resumed>) = 0 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] <... futex resumed>) = 0 [pid 5291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5290] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5291] memfd_create("syzkaller", 0 [pid 5290] <... mprotect resumed>) = 0 [pid 5290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5292 attached [pid 5291] <... memfd_create resumed>) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5292] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5290] <... clone3 resumed> => {parent_tid=[5292]}, 88) = 5292 [pid 5292] <... rseq resumed>) = 0 [pid 5291] <... mmap resumed>) = 0x7f4378b51000 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] set_robust_list(0x7f4380f719a0, 24 [pid 5290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5290] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] <... futex resumed>) = 0 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5292] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5290] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] fallocate(4, 0, 35143, 7 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5292] <... fallocate resumed>) = 0 [pid 5292] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] munmap(0x7f4378b51000, 262144 [pid 5292] <... futex resumed>) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5292] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5290] <... futex resumed>) = 0 [pid 5292] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5290] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... mount resumed>) = 0 [pid 5292] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5290] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... open resumed>) = 5 [pid 5292] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5291] <... munmap resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5290] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5290] <... futex resumed>) = 0 [ 53.907269][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5292] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5290] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... openat resumed>) = 6 [pid 5291] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] mkdir("./file1", 0777) = 0 [ 53.968226][ T5291] loop0: detected capacity change from 0 to 512 [ 53.989986][ T5291] EXT4-fs (loop0): 1 orphan inode deleted [ 53.995734][ T5291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5291] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file1") = 0 [pid 5291] ioctl(6, LOOP_CLR_FD) = 0 [pid 5291] close(6) = 0 [pid 5291] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] exit_group(0 [pid 5291] <... futex resumed>) = ? [pid 5292] <... futex resumed>) = ? [pid 5290] <... exit_group resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 54.008907][ T5291] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/68/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5295] chdir("./69") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.040524][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5295] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5295] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5296]}, 88) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] <... rseq resumed>) = 0 [pid 5296] set_robust_list(0x7f4380f929a0, 24 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] <... set_robust_list resumed>) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5296] memfd_create("syzkaller", 0 [pid 5295] <... mmap resumed>) = 0x7f4380f51000 [pid 5295] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5296] <... memfd_create resumed>) = 3 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 ./strace-static-x86_64: Process 5297 attached [pid 5297] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5295] <... clone3 resumed> => {parent_tid=[5297]}, 88) = 5297 [pid 5297] <... rseq resumed>) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] set_robust_list(0x7f4380f719a0, 24 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] <... set_robust_list resumed>) = 0 [pid 5295] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] <... futex resumed>) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5297] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5297] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5297] fallocate(4, 0, 35143, 7 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5295] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... write resumed>) = 262144 [pid 5296] munmap(0x7f4378b51000, 262144) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5296] ioctl(5, LOOP_SET_FD, 3 [pid 5297] <... fallocate resumed>) = 0 [pid 5297] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5297] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5297] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5297] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5297] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5297] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5295] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... ioctl resumed>) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file1", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5297] <... write resumed>) = 262144 [pid 5297] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5297] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5296] ioctl(5, LOOP_CLR_FD) = 0 [pid 5296] close(5) = 0 [pid 5296] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5296] <... futex resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ [pid 5295] <... exit_group resumed>) = ? [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 54.115767][ T5296] loop0: detected capacity change from 0 to 512 [ 54.131710][ T5296] EXT4-fs (loop0): VFS: Can't find ext4 filesystem rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x555556e0f690) = 5298 [pid 5298] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5298] chdir("./70") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5298] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5299 attached => {parent_tid=[5299]}, 88) = 5299 [pid 5299] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5299] <... rseq resumed>) = 0 [pid 5298] <... mmap resumed>) = 0x7f4380f51000 [pid 5299] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5298] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... mprotect resumed>) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] memfd_create("syzkaller", 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5300 attached [pid 5299] <... memfd_create resumed>) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5300] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5298] <... clone3 resumed> => {parent_tid=[5300]}, 88) = 5300 [pid 5300] <... rseq resumed>) = 0 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... open resumed>) = 4 [pid 5300] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] fallocate(4, 0, 35143, 7 [pid 5299] <... write resumed>) = 262144 [pid 5299] munmap(0x7f4378b51000, 262144) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5299] ioctl(5, LOOP_SET_FD, 3 [pid 5300] <... fallocate resumed>) = 0 [pid 5300] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... ioctl resumed>) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5299] close(3 [pid 5298] <... futex resumed>) = 0 [pid 5300] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... close resumed>) = 0 [pid 5298] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] mkdir("./file1", 0777 [pid 5298] <... futex resumed>) = 0 [pid 5300] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5299] <... mkdir resumed>) = 0 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5300] <... mount resumed>) = 0 [pid 5300] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5300] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5300] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... write resumed>) = 262144 [pid 5300] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5300] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5299] ioctl(5, LOOP_CLR_FD) = 0 [pid 5299] close(5) = 0 [pid 5299] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] exit_group(0 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... futex resumed>) = ? [pid 5299] <... futex resumed>) = ? [pid 5298] <... exit_group resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x555556e0f690) = 5301 [pid 5301] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5301] chdir("./71") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5301] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5302 attached => {parent_tid=[5302]}, 88) = 5302 [pid 5302] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... rseq resumed>) = 0 [pid 5302] set_robust_list(0x7f4380f929a0, 24 [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] <... set_robust_list resumed>) = 0 [pid 5301] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] <... futex resumed>) = 0 [pid 5302] memfd_create("syzkaller", 0 [pid 5301] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5302] <... memfd_create resumed>) = 3 [pid 5301] <... mmap resumed>) = 0x7f4380f51000 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5301] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5301] <... mprotect resumed>) = 0 [ 54.219634][ T5299] loop0: detected capacity change from 0 to 512 [ 54.237294][ T5299] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5302] <... write resumed>) = 262144 [pid 5301] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5303]}, 88) = 5303 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] munmap(0x7f4378b51000, 262144) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5303 attached [pid 5303] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5302] <... ioctl resumed>) = 0 [pid 5302] close(3) = 0 [pid 5302] mkdir("./file1", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5303] <... rseq resumed>) = 0 [pid 5303] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5303] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] fallocate(3, 0, 35143, 7) = 0 [pid 5303] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5303] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5303] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5301] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... mount resumed>) = 0 [pid 5303] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5301] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... open resumed>) = 5 [pid 5303] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5303] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... write resumed>) = 262144 [pid 5303] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... futex resumed>) = 0 [ 54.280310][ T5302] loop0: detected capacity change from 0 to 512 [ 54.299549][ T5304] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 54.300582][ T5302] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 54.324577][ T5302] EXT4-fs (loop0): get root inode failed [pid 5302] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] exit_group(0 [pid 5303] <... futex resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5301] <... exit_group resumed>) = ? [pid 5302] <... futex resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5306 attached , child_tidptr=0x555556e0f690) = 5306 [pid 5306] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5306] chdir("./72") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [ 54.330279][ T5302] EXT4-fs (loop0): mount failed [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5306] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5307 attached => {parent_tid=[5307]}, 88) = 5307 [pid 5307] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5307] memfd_create("syzkaller", 0 [pid 5306] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5307] <... memfd_create resumed>) = 3 [pid 5306] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5306] <... mprotect resumed>) = 0 [pid 5307] <... mmap resumed>) = 0x7f4378b51000 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5308]}, 88) = 5308 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... write resumed>) = 262144 [pid 5307] munmap(0x7f4378b51000, 262144) = 0 [pid 5307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5307] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5308 attached [pid 5308] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5308] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5308] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... ioctl resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5307] close(3 [pid 5306] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... close resumed>) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5308] fallocate(5, 0, 35143, 7 [pid 5307] mkdir("./file1", 0777 [pid 5306] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... mkdir resumed>) = 0 [pid 5307] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5308] <... fallocate resumed>) = 0 [pid 5308] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] <... futex resumed>) = 0 [pid 5308] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5306] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... mount resumed>) = 0 [pid 5308] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] <... futex resumed>) = 0 [pid 5308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5306] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... open resumed>) = 3 [pid 5308] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] <... futex resumed>) = 0 [pid 5308] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5306] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... write resumed>) = 262144 [pid 5308] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [ 54.377710][ T5307] loop0: detected capacity change from 0 to 512 [ 54.412764][ T5309] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5308] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5307] ioctl(4, LOOP_CLR_FD) = 0 [pid 5307] close(4) = 0 [pid 5307] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] exit_group(0) = ? [pid 5308] <... futex resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5307] <... futex resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached , child_tidptr=0x555556e0f690) = 5311 [pid 5311] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5311] chdir("./73") = 0 [ 54.423778][ T5307] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 54.437977][ T5307] EXT4-fs (loop0): get root inode failed [ 54.443629][ T5307] EXT4-fs (loop0): mount failed [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5311] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5312 attached => {parent_tid=[5312]}, 88) = 5312 [pid 5312] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5311] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] <... rseq resumed>) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5312] set_robust_list(0x7f4380f929a0, 24 [pid 5311] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5313 attached [pid 5312] memfd_create("syzkaller", 0 [pid 5313] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5312] <... memfd_create resumed>) = 3 [pid 5311] <... clone3 resumed> => {parent_tid=[5313]}, 88) = 5313 [pid 5313] <... rseq resumed>) = 0 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] set_robust_list(0x7f4380f719a0, 24 [pid 5312] <... mmap resumed>) = 0x7f4378b51000 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5311] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5311] <... futex resumed>) = 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5313] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5313] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... write resumed>) = 262144 [pid 5311] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5313] fallocate(4, 0, 35143, 7 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] munmap(0x7f4378b51000, 262144) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5312] ioctl(5, LOOP_SET_FD, 3 [pid 5313] <... fallocate resumed>) = 0 [pid 5313] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5311] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5311] <... futex resumed>) = 0 [pid 5312] <... ioctl resumed>) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./file1", 0777 [pid 5313] <... mount resumed>) = 0 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5311] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... open resumed>) = 3 [pid 5313] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5313] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] <... mkdir resumed>) = 0 [pid 5312] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5313] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5313] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5312] ioctl(5, LOOP_CLR_FD) = 0 [pid 5312] close(5) = 0 [pid 5312] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] exit_group(0 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = ? [pid 5311] <... exit_group resumed>) = ? [pid 5312] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached , child_tidptr=0x555556e0f690) = 5314 [pid 5314] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5314] chdir("./74") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 54.512123][ T5312] loop0: detected capacity change from 0 to 512 [ 54.527885][ T5312] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5314] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5315 attached [pid 5315] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5314] <... clone3 resumed> => {parent_tid=[5315]}, 88) = 5315 [pid 5315] set_robust_list(0x7f4380f929a0, 24 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5315] <... set_robust_list resumed>) = 0 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] <... futex resumed>) = 0 [pid 5315] memfd_create("syzkaller", 0 [pid 5314] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... memfd_create resumed>) = 3 [pid 5314] <... futex resumed>) = 0 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5315] <... mmap resumed>) = 0x7f4378b51000 [pid 5314] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5314] <... mprotect resumed>) = 0 [pid 5314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5316 attached [pid 5316] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5314] <... clone3 resumed> => {parent_tid=[5316]}, 88) = 5316 [pid 5316] set_robust_list(0x7f4380f719a0, 24 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] <... set_robust_list resumed>) = 0 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] <... futex resumed>) = 0 [pid 5315] <... write resumed>) = 262144 [pid 5315] munmap(0x7f4378b51000, 262144 [pid 5316] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5314] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... munmap resumed>) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5315] ioctl(5, LOOP_SET_FD, 3 [pid 5316] <... open resumed>) = 4 [pid 5316] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... ioctl resumed>) = 0 [pid 5315] close(3) = 0 [pid 5315] mkdir("./file1", 0777) = 0 [pid 5315] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5316] <... futex resumed>) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5316] fallocate(4, 0, 35143, 7 [pid 5314] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... fallocate resumed>) = 0 [pid 5316] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] <... futex resumed>) = 0 [pid 5316] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5314] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... mount resumed>) = 0 [pid 5316] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5314] <... futex resumed>) = 0 [pid 5316] <... open resumed>) = 3 [pid 5314] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... write resumed>) = 262144 [pid 5316] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5316] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5315] ioctl(5, LOOP_CLR_FD) = 0 [pid 5315] close(5) = 0 [pid 5315] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] exit_group(0 [pid 5316] <... futex resumed>) = ? [pid 5315] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5316] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5319 ./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5319] chdir("./75") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [ 54.590088][ T5315] loop0: detected capacity change from 0 to 512 [ 54.611184][ T5315] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 54.625537][ T5315] EXT4-fs (loop0): get root inode failed [ 54.631714][ T5315] EXT4-fs (loop0): mount failed [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5319] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5320 attached => {parent_tid=[5320]}, 88) = 5320 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5320] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] <... futex resumed>) = 0 [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5319] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... mmap resumed>) = 0x7f4378b72000 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5319] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5321 attached [pid 5321] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5319] <... clone3 resumed> => {parent_tid=[5321]}, 88) = 5321 [pid 5321] <... rseq resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5321] set_robust_list(0x7f4378b719a0, 24 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] <... set_robust_list resumed>) = 0 [pid 5319] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5321] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... write resumed>) = 262144 [pid 5319] <... futex resumed>) = 0 [pid 5321] fallocate(4, 0, 35143, 7 [pid 5320] munmap(0x7f4378b72000, 262144 [pid 5319] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... munmap resumed>) = 0 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5320] ioctl(5, LOOP_SET_FD, 3 [pid 5321] <... fallocate resumed>) = 0 [pid 5321] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5320] <... ioctl resumed>) = 0 [pid 5320] close(3) = 0 [pid 5321] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5319] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... open resumed>) = 3 [pid 5320] mkdir("./file1", 0777 [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... mkdir resumed>) = 0 [pid 5319] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5319] <... futex resumed>) = 0 [pid 5320] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5319] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... write resumed>) = 262144 [pid 5321] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5320] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5320] ioctl(5, LOOP_CLR_FD) = 0 [pid 5320] close(5) = 0 [pid 5320] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] exit_group(0) = ? [pid 5320] +++ exited with 0 +++ [pid 5321] <... futex resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5322 [ 54.694786][ T5320] loop0: detected capacity change from 0 to 512 [ 54.719926][ T5320] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 54.729711][ T5320] EXT4-fs (loop0): group descriptors corrupted! ./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5322] chdir("./76") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5322] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5322] <... clone3 resumed> => {parent_tid=[5323]}, 88) = 5323 [pid 5323] <... rseq resumed>) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] set_robust_list(0x7f4380f929a0, 24 [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] <... set_robust_list resumed>) = 0 [pid 5322] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] <... futex resumed>) = 0 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] memfd_create("syzkaller", 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5322] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5323] <... memfd_create resumed>) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5322] <... mprotect resumed>) = 0 [pid 5323] <... mmap resumed>) = 0x7f4378b51000 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5324]}, 88) = 5324 ./strace-static-x86_64: Process 5324 attached [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5324] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... write resumed>) = 262144 [pid 5322] <... futex resumed>) = 1 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] munmap(0x7f4378b51000, 262144) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5323] ioctl(5, LOOP_SET_FD, 3 [pid 5324] <... open resumed>) = 4 [pid 5324] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... ioctl resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5323] close(3 [pid 5322] <... futex resumed>) = 0 [pid 5323] <... close resumed>) = 0 [pid 5323] mkdir("./file1", 0777 [pid 5324] fallocate(4, 0, 35143, 7 [pid 5323] <... mkdir resumed>) = 0 [pid 5322] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... fallocate resumed>) = 0 [pid 5324] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5324] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5322] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] <... mount resumed>) = 0 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] <... futex resumed>) = 0 [pid 5322] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5322] <... futex resumed>) = 0 [pid 5324] <... open resumed>) = 3 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5324] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5322] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... write resumed>) = 262144 [pid 5324] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5324] <... futex resumed>) = 1 [pid 5324] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5323] ioctl(5, LOOP_CLR_FD) = 0 [pid 5323] close(5) = 0 [pid 5323] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] <... futex resumed>) = ? [pid 5322] <... exit_group resumed>) = ? [pid 5323] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5325 ./strace-static-x86_64: Process 5325 attached [pid 5325] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5325] chdir("./77") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5325] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5326]}, 88) = 5326 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5325] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5326 attached ) = 0x7f4380f51000 [pid 5326] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5325] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5326] set_robust_list(0x7f4380f929a0, 24 [pid 5325] <... mprotect resumed>) = 0 [pid 5326] <... set_robust_list resumed>) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5326] memfd_create("syzkaller", 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5326] <... memfd_create resumed>) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5327 attached [pid 5325] <... clone3 resumed> => {parent_tid=[5327]}, 88) = 5327 [pid 5327] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5326] <... mmap resumed>) = 0x7f4378b51000 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] <... rseq resumed>) = 0 [pid 5327] set_robust_list(0x7f4380f719a0, 24 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5325] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] <... futex resumed>) = 0 [pid 5327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5325] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... open resumed>) = 4 [pid 5327] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] fallocate(4, 0, 35143, 7 [pid 5325] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5327] <... fallocate resumed>) = 0 [pid 5327] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] munmap(0x7f4378b51000, 262144 [pid 5325] <... futex resumed>) = 0 [pid 5327] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [ 54.798182][ T5323] loop0: detected capacity change from 0 to 512 [ 54.817021][ T5323] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5325] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... mount resumed>) = 0 [pid 5326] <... munmap resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5325] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... openat resumed>) = 5 [pid 5326] ioctl(5, LOOP_SET_FD, 3 [pid 5325] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5325] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5325] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... open resumed>) = 6 [pid 5327] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5325] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5326] <... ioctl resumed>) = 0 [pid 5326] close(3) = 0 [pid 5326] mkdir("./file1", 0777) = 0 [pid 5326] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5327] <... write resumed>) = -1 EIO (Input/output error) [pid 5327] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5326] ioctl(5, LOOP_CLR_FD) = 0 [pid 5326] close(5) = 0 [pid 5326] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5325] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5327] <... futex resumed>) = ? [pid 5327] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5328 ./strace-static-x86_64: Process 5328 attached [pid 5328] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5328] chdir("./78") = 0 [pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5328] setpgid(0, 0) = 0 [pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5328] write(3, "1000", 4) = 4 [pid 5328] close(3) = 0 [pid 5328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5328] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [ 54.879562][ T5326] loop0: detected capacity change from 0 to 512 [ 54.884114][ T5327] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 54.895747][ T5327] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 54.907712][ T5326] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5328] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5329 attached [pid 5329] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5328] <... clone3 resumed> => {parent_tid=[5329]}, 88) = 5329 [pid 5329] <... rseq resumed>) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] set_robust_list(0x7f4380f929a0, 24 [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] <... set_robust_list resumed>) = 0 [pid 5328] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] <... futex resumed>) = 0 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] memfd_create("syzkaller", 0 [pid 5328] <... futex resumed>) = 0 [pid 5329] <... memfd_create resumed>) = 3 [pid 5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5328] <... mmap resumed>) = 0x7f4378b51000 [pid 5328] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5328] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5330] <... rseq resumed>) = 0 [pid 5330] set_robust_list(0x7f4378b719a0, 24 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] <... set_robust_list resumed>) = 0 [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 4 [pid 5330] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] fallocate(4, 0, 35143, 7 [pid 5329] <... write resumed>) = 262144 [pid 5329] munmap(0x7f4378b72000, 262144) = 0 [pid 5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5329] ioctl(5, LOOP_SET_FD, 3 [pid 5330] <... fallocate resumed>) = 0 [pid 5330] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5330] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5328] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5328] <... futex resumed>) = 0 [pid 5330] <... open resumed>) = 6 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5330] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5328] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... ioctl resumed>) = 0 [pid 5329] close(3) = 0 [pid 5329] mkdir("./file1", 0777) = 0 [pid 5329] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5330] <... write resumed>) = -1 EIO (Input/output error) [pid 5330] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5330] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5329] ioctl(5, LOOP_CLR_FD) = 0 [pid 5329] close(5) = 0 [pid 5329] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] exit_group(0) = ? [pid 5330] <... futex resumed>) = ? [pid 5329] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ [pid 5328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5328, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5331] chdir("./79") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [ 54.973986][ T5329] loop0: detected capacity change from 0 to 512 [ 54.980200][ T5330] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 54.989924][ T5330] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 55.001325][ T5329] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5331] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5332 attached [pid 5332] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5331] <... clone3 resumed> => {parent_tid=[5332]}, 88) = 5332 [pid 5332] <... rseq resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] set_robust_list(0x7f4380f929a0, 24 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] <... set_robust_list resumed>) = 0 [pid 5331] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] <... futex resumed>) = 0 [pid 5332] memfd_create("syzkaller", 0 [pid 5331] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5332] <... memfd_create resumed>) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5331] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5332] <... mmap resumed>) = 0x7f4378b51000 [pid 5331] <... mprotect resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5333]}, 88) = 5333 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5333 attached [pid 5331] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5333] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] <... write resumed>) = 262144 [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] munmap(0x7f4378b51000, 262144 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5332] <... munmap resumed>) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3 [pid 5333] <... open resumed>) = 5 [pid 5333] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... ioctl resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5333] fallocate(5, 0, 35143, 7 [pid 5331] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] close(3) = 0 [pid 5332] mkdir("./file1", 0777) = 0 [pid 5332] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5333] <... fallocate resumed>) = 0 [pid 5333] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5333] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5333] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5333] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [ 55.066565][ T5332] loop0: detected capacity change from 0 to 512 [ 55.082677][ T5332] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor369: lblock 0 mapped to illegal pblock 9 (length 1) [ 55.098220][ T5332] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [pid 5333] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] exit_group(0 [pid 5333] <... futex resumed>) = ? [pid 5331] <... exit_group resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5332] <... futex resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5336 attached , child_tidptr=0x555556e0f690) = 5336 [pid 5336] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5336] chdir("./80") = 0 [pid 5336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 55.113993][ T5332] EXT4-fs (loop0): mount failed [pid 5336] setpgid(0, 0) = 0 [pid 5336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5336] write(3, "1000", 4) = 4 [pid 5336] close(3) = 0 [pid 5336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5336] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5336] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5337]}, 88) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5336] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] <... rseq resumed>) = 0 [pid 5337] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5337] memfd_create("syzkaller", 0 [pid 5336] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] <... memfd_create resumed>) = 3 [pid 5336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5338 attached => {parent_tid=[5338]}, 88) = 5338 [pid 5338] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... rseq resumed>) = 0 [pid 5338] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5338] <... open resumed>) = 4 [pid 5338] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] fallocate(4, 0, 35143, 7 [pid 5337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5337] munmap(0x7f4378b51000, 262144) = 0 [pid 5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5337] ioctl(5, LOOP_SET_FD, 3 [pid 5338] <... fallocate resumed>) = 0 [pid 5338] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... ioctl resumed>) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5338] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] <... futex resumed>) = 0 [pid 5337] close(3 [pid 5338] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5336] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... close resumed>) = 0 [pid 5337] mkdir("./file1", 0777) = 0 [pid 5337] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5338] <... mount resumed>) = 0 [pid 5338] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5336] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... open resumed>) = 3 [pid 5338] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 0 [pid 5338] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5338] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5338] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... mount resumed>) = 0 [pid 5337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5337] chdir("./file1") = 0 [pid 5337] ioctl(5, LOOP_CLR_FD) = 0 [pid 5337] close(5) = 0 [pid 5337] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] exit_group(0 [pid 5338] <... futex resumed>) = ? [pid 5337] <... futex resumed>) = ? [pid 5336] <... exit_group resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ [pid 5336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5336, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 55.175763][ T5337] loop0: detected capacity change from 0 to 512 [ 55.191021][ T5337] EXT4-fs (loop0): 1 orphan inode deleted [ 55.196762][ T5337] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.209073][ T5337] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/80/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x555556e0f690) = 5341 [pid 5341] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5341] chdir("./81") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5341] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5342]}, 88) = 5342 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5341] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5342 attached ./strace-static-x86_64: Process 5343 attached [pid 5342] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5343] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5342] <... rseq resumed>) = 0 [pid 5343] <... rseq resumed>) = 0 [pid 5342] set_robust_list(0x7f4380f929a0, 24 [pid 5343] set_robust_list(0x7f4380f719a0, 24 [pid 5342] <... set_robust_list resumed>) = 0 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] memfd_create("syzkaller", 0 [pid 5341] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5342] <... memfd_create resumed>) = 4 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5343] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5342] <... mmap resumed>) = 0x7f4378b51000 [pid 5341] <... futex resumed>) = 0 [pid 5343] fallocate(3, 0, 35143, 7 [pid 5341] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5342] munmap(0x7f4378b51000, 262144) = 0 [pid 5343] <... fallocate resumed>) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5343] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 55.250218][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.260306][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 55.270323][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5341] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5342] <... openat resumed>) = 5 [pid 5341] <... futex resumed>) = 0 [pid 5343] <... mount resumed>) = 0 [pid 5341] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] ioctl(5, LOOP_SET_FD, 4 [pid 5341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5341] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... open resumed>) = 6 [pid 5343] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... ioctl resumed>) = 0 [pid 5342] close(4) = 0 [pid 5342] mkdir("./file1", 0777 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5343] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5341] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... mkdir resumed>) = 0 [pid 5342] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5343] <... write resumed>) = 262144 [pid 5343] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5343] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5342] ioctl(5, LOOP_CLR_FD) = 0 [pid 5342] close(5) = 0 [pid 5342] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] exit_group(0) = ? [pid 5343] <... futex resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5342] <... futex resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5344] chdir("./82") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5344] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5345 attached => {parent_tid=[5345]}, 88) = 5345 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 55.322756][ T5342] loop0: detected capacity change from 0 to 512 [ 55.335848][ T5342] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5344] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5344] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5345] <... rseq resumed>) = 0 [pid 5345] set_robust_list(0x7f4380f929a0, 24 [pid 5344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5346 attached ) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5346] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5345] <... mmap resumed>) = 0x7f4378b51000 [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] <... rseq resumed>) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5346] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] <... write resumed>) = 262144 [pid 5345] munmap(0x7f4378b51000, 262144) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3 [pid 5346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5346] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... ioctl resumed>) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file1", 0777 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] fallocate(5, 0, 35143, 7 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... mkdir resumed>) = 0 [pid 5345] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5346] <... fallocate resumed>) = 0 [pid 5346] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... futex resumed>) = 1 [pid 5346] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5346] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5344] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5344] <... futex resumed>) = 0 [pid 5346] <... open resumed>) = 3 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5346] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5344] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... write resumed>) = 262144 [pid 5346] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5346] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0) = ? [pid 5345] <... futex resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5346] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 55.396243][ T5345] loop0: detected capacity change from 0 to 512 [ 55.410552][ T5345] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor369: lblock 0 mapped to illegal pblock 9 (length 1) [ 55.425748][ T5345] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 55.441383][ T5345] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x555556e0f690) = 5350 [pid 5350] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5350] chdir("./83") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5350] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5351]}, 88) = 5351 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5351 attached [pid 5350] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... rseq resumed>) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5351] set_robust_list(0x7f4380f929a0, 24 [pid 5350] <... mmap resumed>) = 0x7f4380f51000 [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] <... mprotect resumed>) = 0 [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5352 attached => {parent_tid=[5352]}, 88) = 5352 [pid 5352] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] <... rseq resumed>) = 0 [pid 5352] set_robust_list(0x7f4380f719a0, 24 [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5352] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5352] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5352] fallocate(4, 0, 35143, 7 [pid 5350] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... write resumed>) = 262144 [pid 5351] munmap(0x7f4378b51000, 262144 [pid 5352] <... fallocate resumed>) = 0 [pid 5352] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5351] <... munmap resumed>) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5350] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5352] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5351] <... openat resumed>) = 5 [pid 5352] <... mount resumed>) = 0 [pid 5352] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5350] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... open resumed>) = 6 [pid 5350] <... futex resumed>) = 0 [pid 5352] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] ioctl(5, LOOP_SET_FD, 3 [pid 5350] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 0 [pid 5352] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5350] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... ioctl resumed>) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file1", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5352] <... write resumed>) = -1 EIO (Input/output error) [pid 5352] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [ 55.510989][ T5351] loop0: detected capacity change from 0 to 512 [ 55.514461][ T5352] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 55.520188][ T5035] Buffer I/O error on dev loop0, logical block 63, lost async page write [ 55.548117][ T5351] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor369: iget: special inode unallocated [pid 5352] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5351] ioctl(5, LOOP_CLR_FD) = 0 [pid 5351] close(5) = 0 [pid 5351] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5351] <... futex resumed>) = ? [pid 5350] <... exit_group resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5355 ./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5355] chdir("./84") = 0 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5355] setpgid(0, 0) = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5355] write(3, "1000", 4) = 4 [pid 5355] close(3) = 0 [pid 5355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5355] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5355] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5356 attached [pid 5356] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5356] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... clone3 resumed> => {parent_tid=[5356]}, 88) = 5356 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5356] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] memfd_create("syzkaller", 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5356] <... memfd_create resumed>) = 3 [pid 5355] <... mmap resumed>) = 0x7f4380f51000 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5355] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5357 attached => {parent_tid=[5357]}, 88) = 5357 [pid 5357] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] set_robust_list(0x7f4380f719a0, 24 [pid 5355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] <... set_robust_list resumed>) = 0 [pid 5355] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... futex resumed>) = 0 [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5357] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5357] fallocate(4, 0, 35143, 7 [pid 5355] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... write resumed>) = 262144 [pid 5356] munmap(0x7f4378b51000, 262144) = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 55.561000][ T5351] EXT4-fs (loop0): get root inode failed [ 55.566975][ T5351] EXT4-fs (loop0): mount failed [pid 5356] ioctl(5, LOOP_SET_FD, 3 [pid 5357] <... fallocate resumed>) = 0 [pid 5356] <... ioctl resumed>) = 0 [pid 5357] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] close(3 [pid 5357] <... futex resumed>) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] <... close resumed>) = 0 [pid 5357] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] mkdir("./file1", 0777 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] <... futex resumed>) = 0 [pid 5357] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5356] <... mkdir resumed>) = 0 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... mount resumed>) = 0 [pid 5356] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5357] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5357] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5357] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5357] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5356] ioctl(5, LOOP_CLR_FD) = 0 [pid 5356] close(5) = 0 [pid 5356] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] exit_group(0 [pid 5356] <... futex resumed>) = ? [pid 5357] <... futex resumed>) = ? [pid 5356] +++ exited with 0 +++ [pid 5357] +++ exited with 0 +++ [pid 5355] <... exit_group resumed>) = ? [pid 5355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5358] chdir("./85") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5358] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5359]}, 88) = 5359 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5358] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5358] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5359 attached [pid 5359] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5359] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5359] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5360 attached [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5358] <... clone3 resumed> => {parent_tid=[5360]}, 88) = 5360 [pid 5360] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5359] <... mmap resumed>) = 0x7f4378b51000 [pid 5360] <... rseq resumed>) = 0 [pid 5360] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5360] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5358] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5358] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5358] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.615670][ T5356] loop0: detected capacity change from 0 to 512 [ 55.637034][ T5356] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5360] fallocate(4, 0, 35143, 7 [pid 5359] <... write resumed>) = 262144 [pid 5359] munmap(0x7f4378b51000, 262144 [pid 5360] <... fallocate resumed>) = 0 [pid 5360] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... munmap resumed>) = 0 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5360] <... mount resumed>) = 0 [pid 5360] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... openat resumed>) = 5 [pid 5360] <... futex resumed>) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5358] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... open resumed>) = 6 [pid 5358] <... futex resumed>) = 0 [pid 5359] ioctl(5, LOOP_SET_FD, 3 [pid 5358] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [pid 5358] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5358] <... futex resumed>) = 0 [pid 5360] <... write resumed>) = -1 EIO (Input/output error) [pid 5358] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5360] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... ioctl resumed>) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./file1", 0777) = 0 [pid 5359] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5359] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file1") = 0 [pid 5359] ioctl(5, LOOP_CLR_FD) = 0 [pid 5359] close(5) = 0 [pid 5359] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] exit_group(0 [pid 5359] <... futex resumed>) = ? [pid 5358] <... exit_group resumed>) = ? [pid 5360] <... futex resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 55.701073][ T5359] loop0: detected capacity change from 0 to 512 [ 55.719683][ T5359] EXT4-fs (loop0): 1 orphan inode deleted [ 55.725651][ T5359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.738169][ T5359] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/85/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5363 [pid 5363] chdir("./86") = 0 [pid 5363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5363] setpgid(0, 0) = 0 [pid 5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5363] write(3, "1000", 4) = 4 [pid 5363] close(3) = 0 [pid 5363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5363] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5363] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5364]}, 88) = 5364 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5363] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5365]}, 88) = 5365 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5365 attached NULL, 8) = 0 [pid 5365] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5363] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... rseq resumed>) = 0 [pid 5363] <... futex resumed>) = 0 [pid 5365] set_robust_list(0x7f4380f719a0, 24 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... set_robust_list resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 ./strace-static-x86_64: Process 5364 attached [pid 5365] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5365] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5363] <... futex resumed>) = 0 [pid 5365] fallocate(3, 0, 35143, 7 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... fallocate resumed>) = 0 [pid 5365] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5363] <... futex resumed>) = 0 [pid 5364] <... rseq resumed>) = 0 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5364] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5365] <... mount resumed>) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5365] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5364] memfd_create("syzkaller", 0 [pid 5363] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... open resumed>) = 4 [pid 5365] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... memfd_create resumed>) = 5 [pid 5365] <... futex resumed>) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5365] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5363] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... mmap resumed>) = 0x7f4378b51000 [pid 5365] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5365] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5365] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... write resumed>) = 262144 [pid 5364] munmap(0x7f4378b51000, 262144) = 0 [ 55.773590][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5364] close(5) = 0 [pid 5364] mkdir("./file1", 0777) = 0 [pid 5364] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5364] chdir("./file1") = 0 [pid 5364] ioctl(6, LOOP_CLR_FD) = 0 [pid 5364] close(6) = 0 [pid 5364] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] exit_group(0 [pid 5364] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = ? [pid 5365] +++ exited with 0 +++ [pid 5364] <... futex resumed>) = ? [pid 5363] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 55.834615][ T5364] loop0: detected capacity change from 0 to 512 [ 55.849531][ T5364] EXT4-fs (loop0): 1 orphan inode deleted [ 55.855273][ T5364] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.868239][ T5364] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/86/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached , child_tidptr=0x555556e0f690) = 5368 [pid 5368] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5368] chdir("./87") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5368] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5369 attached => {parent_tid=[5369]}, 88) = 5369 [pid 5369] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] <... rseq resumed>) = 0 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] set_robust_list(0x7f4380f929a0, 24 [pid 5368] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5368] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5369] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... mprotect resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5368] <... clone3 resumed> => {parent_tid=[5370]}, 88) = 5370 [pid 5370] <... rseq resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] set_robust_list(0x7f4380f719a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... futex resumed>) = 0 [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] <... open resumed>) = 3 [pid 5369] memfd_create("syzkaller", 0 [pid 5370] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... futex resumed>) = 1 [pid 5370] fallocate(3, 0, 35143, 7 [pid 5369] <... memfd_create resumed>) = 4 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5369] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5370] <... fallocate resumed>) = 0 [pid 5370] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... write resumed>) = 262144 [pid 5369] munmap(0x7f4378b51000, 262144 [pid 5370] <... futex resumed>) = 0 [pid 5370] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5369] <... munmap resumed>) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5370] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... openat resumed>) = 5 [pid 5370] <... futex resumed>) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [ 55.897278][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5369] ioctl(5, LOOP_SET_FD, 4 [pid 5368] <... futex resumed>) = 0 [pid 5370] <... open resumed>) = 6 [pid 5370] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... ioctl resumed>) = 0 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] close(4 [pid 5368] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... close resumed>) = 0 [pid 5370] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5370] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5369] mkdir("./file1", 0777 [pid 5368] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mkdir resumed>) = 0 [pid 5369] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5370] <... write resumed>) = 262144 [pid 5370] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5370] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5369] ioctl(5, LOOP_CLR_FD) = 0 [pid 5369] close(5) = 0 [pid 5369] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x555556e0f690) = 5371 [pid 5371] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5371] chdir("./88") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 55.955912][ T5369] loop0: detected capacity change from 0 to 512 [ 55.971815][ T5369] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5371] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5372 attached [pid 5372] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5371] <... clone3 resumed> => {parent_tid=[5372]}, 88) = 5372 [pid 5372] <... rseq resumed>) = 0 [pid 5372] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5371] <... futex resumed>) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5372] <... mmap resumed>) = 0x7f4378b72000 [pid 5371] <... mmap resumed>) = 0x7f4378b51000 [pid 5371] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5371] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] <... rseq resumed>) = 0 [pid 5373] set_robust_list(0x7f4378b719a0, 24 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... set_robust_list resumed>) = 0 [pid 5372] <... write resumed>) = 262144 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... futex resumed>) = 0 [pid 5373] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] munmap(0x7f4378b72000, 262144 [pid 5373] <... open resumed>) = 4 [pid 5372] <... munmap resumed>) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5373] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] ioctl(5, LOOP_SET_FD, 3 [pid 5373] <... futex resumed>) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5373] fallocate(4, 0, 35143, 7 [pid 5371] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... ioctl resumed>) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file1", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... fallocate resumed>) = 0 [pid 5373] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5373] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5373] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5373] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5373] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... mount resumed>) = 0 [pid 5372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5372] chdir("./file1") = 0 [pid 5372] ioctl(5, LOOP_CLR_FD) = 0 [pid 5372] close(5) = 0 [pid 5372] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0 [pid 5373] <... futex resumed>) = ? [pid 5372] <... futex resumed>) = ? [pid 5371] <... exit_group resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 56.035597][ T5372] loop0: detected capacity change from 0 to 512 [ 56.049271][ T5372] EXT4-fs (loop0): 1 orphan inode deleted [ 56.054975][ T5372] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.068734][ T5372] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/88/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5376] chdir("./89") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5376] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5377 attached => {parent_tid=[5377]}, 88) = 5377 [pid 5377] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] set_robust_list(0x7f4380f929a0, 24 [pid 5376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] <... set_robust_list resumed>) = 0 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5376] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5376] <... futex resumed>) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5376 [pid 5377] memfd_create("syzkaller", 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5377] <... memfd_create resumed>) = 3 [pid 5376] <... mmap resumed>) = 0x7f4380f51000 [pid 5376] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5376] <... mprotect resumed>) = 0 [pid 5377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5378 attached => {parent_tid=[5378]}, 88) = 5378 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5377] <... write resumed>) = 262144 [pid 5378] set_robust_list(0x7f4380f719a0, 24 [pid 5377] munmap(0x7f4378b51000, 262144 [pid 5378] <... set_robust_list resumed>) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5377] <... munmap resumed>) = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5377] ioctl(5, LOOP_SET_FD, 3 [pid 5378] <... open resumed>) = 4 [ 56.107602][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.117613][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 56.127210][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5378] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5378] fallocate(4, 0, 35143, 7 [pid 5376] <... futex resumed>) = 1 [pid 5377] <... ioctl resumed>) = 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] close(3) = 0 [pid 5377] mkdir("./file1", 0777) = 0 [pid 5378] <... fallocate resumed>) = 0 [pid 5377] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5378] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5378] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... mount resumed>) = 0 [pid 5378] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5378] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5376] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... write resumed>) = 262144 [pid 5378] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... futex resumed>) = 0 [pid 5377] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5377] ioctl(5, LOOP_CLR_FD) = 0 [pid 5377] close(5) = 0 [pid 5377] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] exit_group(0 [pid 5378] <... futex resumed>) = ? [pid 5376] <... exit_group resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] <... futex resumed>) = ? [pid 5377] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5379 attached , child_tidptr=0x555556e0f690) = 5379 [pid 5379] set_robust_list(0x555556e0f6a0, 24) = 0 [ 56.173294][ T5377] loop0: detected capacity change from 0 to 512 [ 56.188151][ T5377] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5379] chdir("./90") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5379] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5380 attached => {parent_tid=[5380]}, 88) = 5380 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5379] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5379] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5380] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5379] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5381 attached [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] <... clone3 resumed> => {parent_tid=[5381]}, 88) = 5381 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5380] memfd_create("syzkaller", 0 [pid 5381] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5380] <... memfd_create resumed>) = 3 [pid 5381] set_robust_list(0x7f4380f719a0, 24 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5381] <... set_robust_list resumed>) = 0 [pid 5379] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] <... mmap resumed>) = 0x7f4378b51000 [pid 5379] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5381] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5379] <... futex resumed>) = 0 [pid 5381] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5381] fallocate(4, 0, 35143, 7 [pid 5380] <... write resumed>) = 262144 [pid 5379] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] munmap(0x7f4378b51000, 262144) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5380] ioctl(5, LOOP_SET_FD, 3 [pid 5381] <... fallocate resumed>) = 0 [pid 5381] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5381] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5381] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5379] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... mount resumed>) = 0 [pid 5381] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5381] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5379] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5379] <... futex resumed>) = 0 [pid 5380] <... ioctl resumed>) = 0 [pid 5379] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] close(3) = 0 [pid 5380] mkdir("./file1", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5381] <... write resumed>) = -1 EIO (Input/output error) [pid 5381] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5381] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5380] ioctl(5, LOOP_CLR_FD) = 0 [pid 5380] close(5) = 0 [pid 5380] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5380] <... futex resumed>) = ? [pid 5379] <... exit_group resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5384 ./strace-static-x86_64: Process 5384 attached [pid 5384] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5384] chdir("./91") = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.249783][ T5380] loop0: detected capacity change from 0 to 512 [ 56.268313][ T5380] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor369: iget: special inode unallocated [ 56.281118][ T5380] EXT4-fs (loop0): get root inode failed [ 56.286763][ T5380] EXT4-fs (loop0): mount failed [pid 5384] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5384] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5385 attached [pid 5385] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5384] <... clone3 resumed> => {parent_tid=[5385]}, 88) = 5385 [pid 5385] <... rseq resumed>) = 0 [pid 5385] set_robust_list(0x7f4380f929a0, 24 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] <... set_robust_list resumed>) = 0 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] memfd_create("syzkaller", 0 [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5385] <... memfd_create resumed>) = 3 [pid 5384] <... mmap resumed>) = 0x7f4380f51000 [pid 5384] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5385] <... mmap resumed>) = 0x7f4378b51000 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5386]}, 88) = 5386 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5386 attached [pid 5385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5386] set_robust_list(0x7f4380f719a0, 24 [pid 5384] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... set_robust_list resumed>) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5385] <... write resumed>) = 262144 [pid 5385] munmap(0x7f4378b51000, 262144) = 0 [pid 5385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5385] ioctl(5, LOOP_SET_FD, 3 [pid 5386] <... open resumed>) = 4 [pid 5386] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = 0 [pid 5385] <... ioctl resumed>) = 0 [pid 5384] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5385] close(3 [pid 5384] <... futex resumed>) = 1 [pid 5386] fallocate(4, 0, 35143, 7 [pid 5385] <... close resumed>) = 0 [pid 5384] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] mkdir("./file1", 0777) = 0 [pid 5385] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5386] <... fallocate resumed>) = 0 [pid 5386] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5386] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5384] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... mount resumed>) = 0 [pid 5386] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... write resumed>) = 262144 [pid 5386] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5385] ioctl(5, LOOP_CLR_FD) = 0 [pid 5385] close(5) = 0 [pid 5385] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] exit_group(0 [pid 5386] <... futex resumed>) = ? [pid 5384] <... exit_group resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5385] <... futex resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5384, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5387 attached , child_tidptr=0x555556e0f690) = 5387 [pid 5387] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5387] chdir("./92") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [ 56.343904][ T5385] loop0: detected capacity change from 0 to 512 [ 56.367252][ T5385] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5387] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5388 attached => {parent_tid=[5388]}, 88) = 5388 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5388] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5388] set_robust_list(0x7f4380f929a0, 24 [pid 5387] <... mmap resumed>) = 0x7f4380f51000 [pid 5387] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5388] <... set_robust_list resumed>) = 0 [pid 5387] <... mprotect resumed>) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5387] <... clone3 resumed> => {parent_tid=[5389]}, 88) = 5389 [pid 5389] <... rseq resumed>) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] set_robust_list(0x7f4380f719a0, 24 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] <... set_robust_list resumed>) = 0 [pid 5387] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] <... futex resumed>) = 0 [pid 5389] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... open resumed>) = 4 [pid 5388] <... memfd_create resumed>) = 3 [pid 5389] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5389] <... futex resumed>) = 1 [pid 5388] <... mmap resumed>) = 0x7f4378b51000 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5389] fallocate(4, 0, 35143, 7 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5388] munmap(0x7f4378b51000, 262144 [pid 5389] <... fallocate resumed>) = 0 [pid 5389] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5388] <... munmap resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5389] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5388] <... openat resumed>) = 5 [pid 5389] <... open resumed>) = 6 [pid 5388] ioctl(5, LOOP_SET_FD, 3 [pid 5389] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5389] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5388] <... ioctl resumed>) = 0 [pid 5387] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] close(3) = 0 [pid 5388] mkdir("./file1", 0777) = 0 [pid 5388] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5389] <... write resumed>) = -1 EIO (Input/output error) [pid 5389] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [ 56.442826][ T5388] loop0: detected capacity change from 0 to 512 [ 56.452494][ T5389] blk_print_req_error: 129 callbacks suppressed [ 56.452502][ T5389] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 56.468973][ T5389] buffer_io_error: 129 callbacks suppressed [ 56.468983][ T5389] Buffer I/O error on dev loop0, logical block 31, lost async page write [pid 5389] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5388] ioctl(5, LOOP_CLR_FD) = 0 [pid 5388] close(5) = 0 [pid 5388] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] exit_group(0) = ? [pid 5388] <... futex resumed>) = ? [pid 5389] <... futex resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5390 attached , child_tidptr=0x555556e0f690) = 5390 [pid 5390] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5390] chdir("./93") = 0 [pid 5390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5390] setpgid(0, 0) = 0 [pid 5390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 56.488167][ T5388] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5390] write(3, "1000", 4) = 4 [pid 5390] close(3) = 0 [pid 5390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5390] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5390] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5391 attached [pid 5391] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5390] <... clone3 resumed> => {parent_tid=[5391]}, 88) = 5391 [pid 5391] <... rseq resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] set_robust_list(0x7f4380f929a0, 24 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5390] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] <... futex resumed>) = 0 [pid 5391] memfd_create("syzkaller", 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5391] <... memfd_create resumed>) = 3 [pid 5391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5390] <... mmap resumed>) = 0x7f4380f51000 [pid 5391] <... mmap resumed>) = 0x7f4378b51000 [pid 5390] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5390] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5390] <... futex resumed>) = 0 [pid 5391] <... write resumed>) = 262144 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... open resumed>) = 4 [pid 5392] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] munmap(0x7f4378b51000, 262144 [pid 5390] <... futex resumed>) = 0 [pid 5392] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... munmap resumed>) = 0 [pid 5390] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] fallocate(4, 0, 35143, 7 [pid 5391] <... openat resumed>) = 5 [pid 5391] ioctl(5, LOOP_SET_FD, 3 [pid 5392] <... fallocate resumed>) = 0 [pid 5391] <... ioctl resumed>) = 0 [pid 5391] close(3) = 0 [pid 5391] mkdir("./file1", 0777 [pid 5392] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5392] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5391] <... mkdir resumed>) = 0 [pid 5391] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5392] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5392] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5390] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] <... open resumed>) = 3 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... write resumed>) = 262144 [pid 5392] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5392] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5391] ioctl(5, LOOP_CLR_FD) = 0 [pid 5391] close(5) = 0 [pid 5391] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5390] <... exit_group resumed>) = ? [pid 5391] <... futex resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5390, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5393] chdir("./94") = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5393 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5393] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5394]}, 88) = 5394 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5393] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5394] <... rseq resumed>) = 0 [pid 5394] set_robust_list(0x7f4380f929a0, 24 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5394] <... set_robust_list resumed>) = 0 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5395 attached NULL, 8) = 0 [ 56.550290][ T5391] loop0: detected capacity change from 0 to 512 [ 56.567035][ T5391] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5395] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5394] memfd_create("syzkaller", 0 [pid 5393] <... clone3 resumed> => {parent_tid=[5395]}, 88) = 5395 [pid 5395] <... rseq resumed>) = 0 [pid 5394] <... memfd_create resumed>) = 3 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] set_robust_list(0x7f4380f719a0, 24 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5395] <... set_robust_list resumed>) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] <... mmap resumed>) = 0x7f4378b51000 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5395] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5393] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] fallocate(4, 0, 35143, 7 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... write resumed>) = 262144 [pid 5394] munmap(0x7f4378b51000, 262144) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5394] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] mkdir("./file1", 0777) = 0 [pid 5395] <... fallocate resumed>) = 0 [pid 5395] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5394] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5393] <... futex resumed>) = 1 [pid 5395] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5393] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... mount resumed>) = 0 [pid 5395] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5393] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5393] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... write resumed>) = 262144 [pid 5395] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5394] ioctl(5, LOOP_CLR_FD) = 0 [pid 5394] close(5) = 0 [pid 5394] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] exit_group(0 [pid 5395] <... futex resumed>) = ? [pid 5394] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5396 attached , child_tidptr=0x555556e0f690) = 5396 [pid 5396] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5396] chdir("./95") = 0 [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5396] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5396] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5397 attached [pid 5397] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5396] <... clone3 resumed> => {parent_tid=[5397]}, 88) = 5397 [pid 5397] <... rseq resumed>) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] set_robust_list(0x7f4380f929a0, 24 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] <... set_robust_list resumed>) = 0 [pid 5396] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5396] <... futex resumed>) = 0 [pid 5397] memfd_create("syzkaller", 0 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] <... memfd_create resumed>) = 3 [pid 5397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [ 56.639856][ T5394] loop0: detected capacity change from 0 to 512 [ 56.657006][ T5394] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5396] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE [pid 5397] <... write resumed>) = 262144 [pid 5396] <... mprotect resumed>) = 0 [pid 5397] munmap(0x7f4378b72000, 262144 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5398 attached [pid 5398] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5396] <... clone3 resumed> => {parent_tid=[5398]}, 88) = 5398 [pid 5398] <... rseq resumed>) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5396] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5396] <... futex resumed>) = 0 [pid 5398] <... open resumed>) = 4 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] <... munmap resumed>) = 0 [pid 5396] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5396] <... futex resumed>) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5398] fallocate(4, 0, 35143, 7 [pid 5397] <... openat resumed>) = 5 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] ioctl(5, LOOP_SET_FD, 3 [pid 5398] <... fallocate resumed>) = 0 [pid 5398] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... ioctl resumed>) = 0 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] close(3 [pid 5398] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5398] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5398] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... close resumed>) = 0 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] mkdir("./file1", 0777 [pid 5396] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5398] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5396] <... futex resumed>) = 0 [pid 5397] <... mkdir resumed>) = 0 [pid 5396] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5398] <... write resumed>) = 262144 [pid 5398] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5398] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5397] ioctl(5, LOOP_CLR_FD) = 0 [pid 5397] close(5) = 0 [pid 5397] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] exit_group(0 [pid 5398] <... futex resumed>) = ? [pid 5397] <... futex resumed>) = ? [pid 5396] <... exit_group resumed>) = ? [pid 5397] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ [pid 5396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5399 ./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x555556e0f6a0, 24) = 0 [ 56.725804][ T5397] loop0: detected capacity change from 0 to 512 [ 56.743479][ T5397] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5399] chdir("./96") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5399] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5399] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5400]}, 88) = 5400 ./strace-static-x86_64: Process 5400 attached [pid 5400] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5400] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5400] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5399] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5400] memfd_create("syzkaller", 0) = 3 [pid 5400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5399] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5399] <... futex resumed>) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5399] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5401 attached => {parent_tid=[5401]}, 88) = 5401 [pid 5401] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5401] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] <... write resumed>) = 262144 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5400] munmap(0x7f4378b72000, 262144 [pid 5399] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5399] <... futex resumed>) = 1 [pid 5401] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5399] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... open resumed>) = 4 [pid 5400] <... munmap resumed>) = 0 [pid 5401] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5401] <... futex resumed>) = 1 [pid 5400] <... openat resumed>) = 5 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5401] fallocate(4, 0, 35143, 7 [pid 5400] ioctl(5, LOOP_SET_FD, 3 [pid 5399] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... ioctl resumed>) = 0 [pid 5400] close(3) = 0 [pid 5400] mkdir("./file1", 0777) = 0 [pid 5400] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5401] <... fallocate resumed>) = 0 [pid 5401] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5399] <... futex resumed>) = 1 [pid 5401] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5399] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... mount resumed>) = 0 [pid 5401] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5399] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... open resumed>) = 3 [pid 5401] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5401] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5399] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... write resumed>) = 262144 [pid 5401] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5400] ioctl(5, LOOP_CLR_FD) = 0 [pid 5400] close(5) = 0 [pid 5400] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] exit_group(0 [pid 5401] <... futex resumed>) = ? [pid 5400] <... futex resumed>) = ? [pid 5399] <... exit_group resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5402 attached [pid 5402] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5402] chdir("./97" [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5402 [pid 5402] <... chdir resumed>) = 0 [pid 5402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5402] setpgid(0, 0) = 0 [pid 5402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5402] write(3, "1000", 4) = 4 [pid 5402] close(3) = 0 [pid 5402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5402] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5402] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5403]}, 88) = 5403 ./strace-static-x86_64: Process 5403 attached [pid 5402] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] <... rseq resumed>) = 0 [pid 5402] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] set_robust_list(0x7f4380f929a0, 24 [pid 5402] <... futex resumed>) = 0 [pid 5403] <... set_robust_list resumed>) = 0 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] <... futex resumed>) = 0 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5403] memfd_create("syzkaller", 0 [pid 5402] <... mmap resumed>) = 0x7f4380f51000 [pid 5402] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5403] <... memfd_create resumed>) = 3 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5402] <... mprotect resumed>) = 0 [pid 5403] <... mmap resumed>) = 0x7f4378b51000 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5404]}, 88) = 5404 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5404 attached [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5402] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5402] <... futex resumed>) = 0 [ 56.821561][ T5400] loop0: detected capacity change from 0 to 512 [ 56.838047][ T5400] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... rseq resumed>) = 0 [pid 5404] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] <... write resumed>) = 262144 [pid 5404] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5403] munmap(0x7f4378b51000, 262144 [pid 5404] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... futex resumed>) = 1 [pid 5404] fallocate(4, 0, 35143, 7 [pid 5403] <... munmap resumed>) = 0 [pid 5403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5403] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5403] close(3) = 0 [pid 5403] mkdir("./file1", 0777) = 0 [pid 5403] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5404] <... fallocate resumed>) = 0 [pid 5404] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5404] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5402] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... open resumed>) = 3 [pid 5402] <... futex resumed>) = 0 [pid 5404] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5402] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.903956][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 56.903971][ T28] audit: type=1800 audit(1694162025.039:99): pid=5404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 56.910042][ T5403] loop0: detected capacity change from 0 to 512 [pid 5402] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... write resumed>) = 262144 [pid 5404] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5404] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5403] ioctl(5, LOOP_CLR_FD) = 0 [pid 5403] close(5) = 0 [pid 5403] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] exit_group(0 [pid 5404] <... futex resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5402] <... exit_group resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5402, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5405 ./strace-static-x86_64: Process 5405 attached [pid 5405] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5405] chdir("./98") = 0 [ 56.947413][ T5403] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5405] setpgid(0, 0) = 0 [pid 5405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5405] write(3, "1000", 4) = 4 [pid 5405] close(3) = 0 [pid 5405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5405] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5405] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5406]}, 88) = 5406 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5405] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 ./strace-static-x86_64: Process 5406 attached [pid 5405] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5407 attached [pid 5407] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5405] <... clone3 resumed> => {parent_tid=[5407]}, 88) = 5407 [pid 5407] set_robust_list(0x7f4380f719a0, 24 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] <... set_robust_list resumed>) = 0 [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] <... futex resumed>) = 0 [pid 5407] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5405] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5407] <... open resumed>) = 3 [pid 5407] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5405] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] fallocate(3, 0, 35143, 7 [pid 5406] <... rseq resumed>) = 0 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5406] memfd_create("syzkaller", 0) = 4 [pid 5406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5406] munmap(0x7f4378b51000, 262144) = 0 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5406] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5406] close(4) = 0 [pid 5406] mkdir("./file1", 0777) = 0 [pid 5407] <... fallocate resumed>) = 0 [pid 5406] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5407] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5407] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5405] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5407] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 5407] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... futex resumed>) = 0 [pid 5407] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5407] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5407] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5406] ioctl(5, LOOP_CLR_FD) = 0 [pid 5406] close(5) = 0 [pid 5406] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] exit_group(0 [pid 5406] <... futex resumed>) = ? [pid 5405] <... exit_group resumed>) = ? [pid 5406] +++ exited with 0 +++ [pid 5407] <... futex resumed>) = ? [pid 5407] +++ exited with 0 +++ [pid 5405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5405, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 57.002369][ T28] audit: type=1800 audit(1694162025.139:100): pid=5407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.017763][ T5406] loop0: detected capacity change from 0 to 512 [ 57.040097][ T5406] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5408 attached , child_tidptr=0x555556e0f690) = 5408 [pid 5408] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5408] chdir("./99") = 0 [pid 5408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5408] setpgid(0, 0) = 0 [pid 5408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5408] write(3, "1000", 4) = 4 [pid 5408] close(3) = 0 [pid 5408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5408] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5408] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5409 attached => {parent_tid=[5409]}, 88) = 5409 [pid 5409] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5409] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5409] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5408] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] memfd_create("syzkaller", 0 [pid 5408] <... futex resumed>) = 0 [pid 5409] <... memfd_create resumed>) = 3 [pid 5408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5408] <... mmap resumed>) = 0x7f4380f51000 [pid 5409] <... mmap resumed>) = 0x7f4378b51000 [pid 5408] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5408] <... mprotect resumed>) = 0 [pid 5408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] <... write resumed>) = 262144 [pid 5409] munmap(0x7f4378b51000, 262144) = 0 [pid 5409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5409] ioctl(4, LOOP_SET_FD, 3 [pid 5408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5409] <... ioctl resumed>) = 0 [pid 5409] close(3) = 0 [pid 5409] mkdir("./file1", 0777./strace-static-x86_64: Process 5410 attached ) = 0 [pid 5410] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5409] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5408] <... clone3 resumed> => {parent_tid=[5410]}, 88) = 5410 [pid 5410] <... rseq resumed>) = 0 [pid 5410] set_robust_list(0x7f4380f719a0, 24 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... set_robust_list resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5410] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5408] <... futex resumed>) = 1 [pid 5410] <... open resumed>) = 3 [pid 5408] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5408] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] fallocate(3, 0, 35143, 7 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... fallocate resumed>) = 0 [pid 5410] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5410] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] <... futex resumed>) = 0 [pid 5410] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5408] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... mount resumed>) = 0 [pid 5410] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5410] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5408] <... futex resumed>) = 0 [pid 5410] <... open resumed>) = 5 [pid 5408] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5408] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [ 57.108963][ T5409] loop0: detected capacity change from 0 to 512 [ 57.119880][ T28] audit: type=1800 audit(1694162025.259:101): pid=5410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1931 res=0 errno=0 [ 57.130639][ T5409] EXT4-fs (loop0): 1 orphan inode deleted [ 57.146585][ T5409] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5410] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... mount resumed>) = 0 [pid 5410] <... write resumed>) = 262144 [pid 5410] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] <... futex resumed>) = 0 [pid 5409] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5409] chdir("./file1") = 0 [pid 5409] ioctl(4, LOOP_CLR_FD) = 0 [pid 5409] close(4) = 0 [pid 5409] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] exit_group(0 [pid 5410] <... futex resumed>) = ? [pid 5409] <... futex resumed>) = ? [pid 5408] <... exit_group resumed>) = ? [pid 5410] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ [pid 5408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5408, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 57.160194][ T5409] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.201677][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5413 ./strace-static-x86_64: Process 5413 attached [pid 5413] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5413] chdir("./100") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5413] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5414 attached [pid 5414] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5414] set_robust_list(0x7f4380f929a0, 24 [pid 5413] <... clone3 resumed> => {parent_tid=[5414]}, 88) = 5414 [pid 5414] <... set_robust_list resumed>) = 0 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5414] memfd_create("syzkaller", 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... memfd_create resumed>) = 3 [ 57.211575][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 57.221672][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5413] <... futex resumed>) = 0 [pid 5414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5413] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5415 attached [pid 5415] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5415] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5415] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... write resumed>) = 262144 [pid 5414] munmap(0x7f4378b72000, 262144 [pid 5413] <... clone3 resumed> => {parent_tid=[5415]}, 88) = 5415 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5413] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5414] <... munmap resumed>) = 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = 4 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5414] ioctl(5, LOOP_SET_FD, 3 [pid 5415] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5415] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... ioctl resumed>) = 0 [pid 5413] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] close(3 [pid 5413] <... futex resumed>) = 0 [pid 5414] <... close resumed>) = 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] mkdir("./file1", 0777 [pid 5415] fallocate(4, 0, 35143, 7 [pid 5414] <... mkdir resumed>) = 0 [pid 5414] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5415] <... fallocate resumed>) = 0 [pid 5415] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5415] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5415] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5415] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [ 57.279715][ T28] audit: type=1800 audit(1694162025.419:102): pid=5415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.281869][ T5414] loop0: detected capacity change from 0 to 512 [pid 5415] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5414] ioctl(5, LOOP_CLR_FD) = 0 [pid 5414] close(5) = 0 [pid 5414] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] exit_group(0 [pid 5415] <... futex resumed>) = ? [pid 5413] <... exit_group resumed>) = ? [pid 5415] +++ exited with 0 +++ [pid 5414] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 57.319526][ T5416] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 57.322442][ T5414] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 57.344416][ T5414] EXT4-fs (loop0): get root inode failed [ 57.350095][ T5414] EXT4-fs (loop0): mount failed ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5418 ./strace-static-x86_64: Process 5418 attached [pid 5418] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5418] chdir("./101") = 0 [pid 5418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5418] setpgid(0, 0) = 0 [pid 5418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5418] write(3, "1000", 4) = 4 [pid 5418] close(3) = 0 [pid 5418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5418] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5418] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5419 attached [pid 5419] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5418] <... clone3 resumed> => {parent_tid=[5419]}, 88) = 5419 [pid 5419] <... rseq resumed>) = 0 [pid 5419] set_robust_list(0x7f4380f929a0, 24 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], [pid 5419] <... set_robust_list resumed>) = 0 [pid 5418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], [pid 5418] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5418] <... futex resumed>) = 0 [pid 5419] memfd_create("syzkaller", 0 [pid 5418] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... memfd_create resumed>) = 3 [pid 5418] <... futex resumed>) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5418] <... mmap resumed>) = 0x7f4380f51000 [pid 5418] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5418] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5420 attached => {parent_tid=[5420]}, 88) = 5420 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5418] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... write resumed>) = 262144 [pid 5420] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5419] munmap(0x7f4378b51000, 262144 [pid 5420] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5420] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5419] <... munmap resumed>) = 0 [pid 5419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5420] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] ioctl(5, LOOP_SET_FD, 3 [pid 5420] <... futex resumed>) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5420] fallocate(4, 0, 35143, 7 [pid 5419] <... ioctl resumed>) = 0 [pid 5418] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] close(3 [pid 5418] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... close resumed>) = 0 [pid 5419] mkdir("./file1", 0777) = 0 [pid 5419] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5420] <... fallocate resumed>) = 0 [pid 5420] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5420] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5418] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... mount resumed>) = 0 [pid 5420] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5420] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5418] <... futex resumed>) = 0 [pid 5420] <... open resumed>) = 3 [pid 5418] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5420] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5420] <... futex resumed>) = 1 [ 57.419749][ T28] audit: type=1800 audit(1694162025.559:103): pid=5420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.421796][ T5419] loop0: detected capacity change from 0 to 512 [ 57.461384][ T5419] EXT4-fs (loop0): 1 orphan inode deleted [pid 5420] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... mount resumed>) = 0 [pid 5419] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5419] chdir("./file1") = 0 [pid 5419] ioctl(5, LOOP_CLR_FD) = 0 [pid 5419] close(5) = 0 [pid 5419] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] exit_group(0) = ? [pid 5420] <... futex resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] <... futex resumed>) = ? [pid 5419] +++ exited with 0 +++ [pid 5418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5418, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 57.467332][ T5419] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.479595][ T5419] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.508489][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5423 attached , child_tidptr=0x555556e0f690) = 5423 [pid 5423] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5423] chdir("./102") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5423] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5424]}, 88) = 5424 ./strace-static-x86_64: Process 5424 attached [pid 5424] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] <... rseq resumed>) = 0 [pid 5424] set_robust_list(0x7f4380f929a0, 24 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] <... set_robust_list resumed>) = 0 [pid 5423] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] <... futex resumed>) = 0 [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5424] memfd_create("syzkaller", 0 [pid 5423] <... mmap resumed>) = 0x7f4380f51000 [pid 5423] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5424] <... memfd_create resumed>) = 3 [pid 5423] <... mprotect resumed>) = 0 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5425 attached => {parent_tid=[5425]}, 88) = 5425 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] set_robust_list(0x7f4380f719a0, 24 [pid 5423] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... set_robust_list resumed>) = 0 [pid 5423] <... futex resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 57.518297][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 57.528247][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5425] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5425] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5423] <... futex resumed>) = 1 [pid 5425] fallocate(4, 0, 35143, 7 [pid 5423] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5424] munmap(0x7f4378b51000, 262144) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5424] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] mkdir("./file1", 0777 [pid 5425] <... fallocate resumed>) = 0 [pid 5424] <... mkdir resumed>) = 0 [pid 5425] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5425] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5425] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5425] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5423] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... write resumed>) = 262144 [pid 5425] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5425] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5424] ioctl(5, LOOP_CLR_FD) = 0 [pid 5424] close(5) = 0 [pid 5424] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] exit_group(0 [pid 5425] <... futex resumed>) = ? [pid 5424] <... futex resumed>) = ? [pid 5423] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ [pid 5424] +++ exited with 0 +++ [pid 5423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5423, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5426 attached , child_tidptr=0x555556e0f690) = 5426 [pid 5426] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5426] chdir("./103") = 0 [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 57.579358][ T28] audit: type=1800 audit(1694162025.719:104): pid=5425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.583923][ T5424] loop0: detected capacity change from 0 to 512 [ 57.617374][ T5424] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5426] setpgid(0, 0) = 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5426] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5427 attached [pid 5427] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5426] <... clone3 resumed> => {parent_tid=[5427]}, 88) = 5427 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5426] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5428 attached => {parent_tid=[5428]}, 88) = 5428 [pid 5428] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] <... rseq resumed>) = 0 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] set_robust_list(0x7f4380f719a0, 24 [pid 5426] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... set_robust_list resumed>) = 0 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] <... futex resumed>) = 0 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5426] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... rseq resumed>) = 0 [pid 5427] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] <... open resumed>) = 3 [pid 5427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 1 [pid 5428] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] fallocate(3, 0, 35143, 7 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] memfd_create("syzkaller", 0) = 4 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5427] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5427] munmap(0x7f4378b51000, 262144) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5427] ioctl(5, LOOP_SET_FD, 4 [pid 5428] <... fallocate resumed>) = 0 [pid 5428] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5428] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] <... futex resumed>) = 0 [pid 5428] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5426] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... ioctl resumed>) = 0 [pid 5428] <... mount resumed>) = 0 [pid 5427] close(4) = 0 [pid 5427] mkdir("./file1", 0777 [pid 5428] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5428] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5427] <... mkdir resumed>) = 0 [pid 5428] <... open resumed>) = 4 [pid 5426] <... futex resumed>) = 0 [pid 5427] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5426] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5428] <... futex resumed>) = 0 [pid 5426] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5426] <... futex resumed>) = 0 [ 57.674558][ T28] audit: type=1800 audit(1694162025.809:105): pid=5428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.684193][ T5427] loop0: detected capacity change from 0 to 512 [ 57.707939][ T5429] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5426] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... write resumed>) = 262144 [pid 5428] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... futex resumed>) = 0 [pid 5427] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5427] ioctl(5, LOOP_CLR_FD) = 0 [pid 5427] close(5) = 0 [pid 5427] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] exit_group(0 [pid 5428] <... futex resumed>) = ? [pid 5428] +++ exited with 0 +++ [pid 5427] <... futex resumed>) = ? [pid 5426] <... exit_group resumed>) = ? [pid 5427] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5426, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5431] chdir("./104") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [ 57.718914][ T5427] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 57.733354][ T5427] EXT4-fs (loop0): get root inode failed [ 57.739798][ T5427] EXT4-fs (loop0): mount failed [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5431] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5432 attached [pid 5432] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... rseq resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] set_robust_list(0x7f4380f929a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] <... futex resumed>) = 0 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5432] <... memfd_create resumed>) = 3 [pid 5431] <... mmap resumed>) = 0x7f4380f51000 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5431] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5431] <... mprotect resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5433]}, 88) = 5433 ./strace-static-x86_64: Process 5433 attached [pid 5431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5433] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5432] <... write resumed>) = 262144 [pid 5433] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] munmap(0x7f4378b51000, 262144 [pid 5433] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... munmap resumed>) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5432] ioctl(5, LOOP_SET_FD, 3 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5433] fallocate(4, 0, 35143, 7 [pid 5431] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... ioctl resumed>) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./file1", 0777) = 0 [pid 5432] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5433] <... fallocate resumed>) = 0 [pid 5433] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... mount resumed>) = 0 [pid 5433] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5431] <... futex resumed>) = 0 [ 57.796014][ T28] audit: type=1800 audit(1694162025.929:106): pid=5433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.805114][ T5432] loop0: detected capacity change from 0 to 512 [ 57.839817][ T5432] EXT4-fs (loop0): 1 orphan inode deleted [pid 5431] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... open resumed>) = 3 [pid 5433] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5431] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... write resumed>) = 262144 [pid 5432] <... mount resumed>) = 0 [pid 5432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5433] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5433] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... openat resumed>) = 6 [pid 5432] chdir("./file1") = 0 [pid 5432] ioctl(5, LOOP_CLR_FD) = 0 [pid 5432] close(5) = 0 [pid 5432] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0 [pid 5433] <... futex resumed>) = ? [pid 5431] <... exit_group resumed>) = ? [pid 5433] +++ exited with 0 +++ [pid 5432] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 57.845681][ T5432] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.858903][ T5432] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.884408][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5436 attached , child_tidptr=0x555556e0f690) = 5436 [pid 5436] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5436] chdir("./105") = 0 [pid 5436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5436] setpgid(0, 0) = 0 [pid 5436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5436] write(3, "1000", 4) = 4 [pid 5436] close(3) = 0 [pid 5436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5436] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5436] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5437 attached => {parent_tid=[5437]}, 88) = 5437 [pid 5437] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5437] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5437] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5436] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] memfd_create("syzkaller", 0 [pid 5436] <... futex resumed>) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5437] <... memfd_create resumed>) = 3 [pid 5437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5436] <... mmap resumed>) = 0x7f4380f51000 [pid 5437] <... mmap resumed>) = 0x7f4378b51000 [pid 5436] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5436] <... mprotect resumed>) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5438 attached [pid 5438] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5436] <... clone3 resumed> => {parent_tid=[5438]}, 88) = 5438 [pid 5438] <... rseq resumed>) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5436] <... futex resumed>) = 0 [ 57.898033][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 57.907745][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5438] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... write resumed>) = 262144 [pid 5436] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... futex resumed>) = 0 [pid 5437] munmap(0x7f4378b51000, 262144 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... munmap resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] fallocate(4, 0, 35143, 7 [pid 5437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5437] ioctl(5, LOOP_SET_FD, 3 [pid 5438] <... fallocate resumed>) = 0 [pid 5438] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5438] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5436] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5437] <... ioctl resumed>) = 0 [pid 5436] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] close(3 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5436] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... close resumed>) = 0 [pid 5438] <... write resumed>) = 262144 [pid 5437] mkdir("./file1", 0777 [pid 5438] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... mkdir resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5438] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 5437] ioctl(5, LOOP_CLR_FD) = 0 [pid 5437] close(5) = 0 [pid 5437] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] exit_group(0 [pid 5437] <... futex resumed>) = ? [pid 5438] <... futex resumed>) = ? [pid 5437] +++ exited with 0 +++ [pid 5436] <... exit_group resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5436, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5439 attached [pid 5439] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5439] chdir("./106") = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5439 [pid 5439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 57.954485][ T28] audit: type=1800 audit(1694162026.089:107): pid=5438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.959693][ T5437] loop0: detected capacity change from 0 to 512 [ 57.991852][ T5437] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5439] setpgid(0, 0) = 0 [pid 5439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5439] write(3, "1000", 4) = 4 [pid 5439] close(3) = 0 [pid 5439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5439] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5439] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5440 attached [pid 5440] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5439] <... clone3 resumed> => {parent_tid=[5440]}, 88) = 5440 [pid 5440] <... rseq resumed>) = 0 [pid 5440] set_robust_list(0x7f4380f929a0, 24 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] <... set_robust_list resumed>) = 0 [pid 5439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5439] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] memfd_create("syzkaller", 0) = 3 [pid 5439] <... futex resumed>) = 0 [pid 5440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... mmap resumed>) = 0x7f4378b72000 [pid 5439] <... futex resumed>) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5439] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5441 attached [pid 5441] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5439] <... clone3 resumed> => {parent_tid=[5441]}, 88) = 5441 [pid 5441] <... rseq resumed>) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], [pid 5439] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5441] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5439] <... futex resumed>) = 0 [pid 5441] <... open resumed>) = 4 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... write resumed>) = 262144 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5439] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] munmap(0x7f4378b72000, 262144) = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5440] ioctl(5, LOOP_SET_FD, 3 [pid 5441] <... futex resumed>) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5441] fallocate(4, 0, 35143, 7 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=28000000} [pid 5440] <... ioctl resumed>) = 0 [pid 5440] close(3) = 0 [pid 5440] mkdir("./file1", 0777) = 0 [pid 5440] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5441] <... fallocate resumed>) = 0 [pid 5441] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5441] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5439] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... mount resumed>) = 0 [pid 5441] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5441] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5441] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5441] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5439] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... write resumed>) = 262144 [pid 5441] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] <... futex resumed>) = 0 [pid 5440] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5440] ioctl(5, LOOP_CLR_FD) = 0 [pid 5440] close(5) = 0 [pid 5440] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] exit_group(0 [pid 5440] <... futex resumed>) = ? [pid 5439] <... exit_group resumed>) = ? [pid 5440] +++ exited with 0 +++ [pid 5441] <... futex resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5439, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 58.056420][ T28] audit: type=1800 audit(1694162026.189:108): pid=5441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 58.064247][ T5440] loop0: detected capacity change from 0 to 512 [ 58.091367][ T5440] EXT4-fs (loop0): Magic mismatch, very weird! clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached , child_tidptr=0x555556e0f690) = 5442 [pid 5442] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5442] chdir("./107") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5442] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5443 attached => {parent_tid=[5443]}, 88) = 5443 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5442] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5443] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5442] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5443] <... rseq resumed>) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5443] set_robust_list(0x7f4380f929a0, 24 [pid 5442] <... clone3 resumed> => {parent_tid=[5444]}, 88) = 5444 ./strace-static-x86_64: Process 5444 attached [pid 5443] <... set_robust_list resumed>) = 0 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5442] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5443] memfd_create("syzkaller", 0 [pid 5442] <... futex resumed>) = 0 [pid 5444] <... rseq resumed>) = 0 [pid 5444] set_robust_list(0x7f4380f719a0, 24 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... set_robust_list resumed>) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] <... memfd_create resumed>) = 3 [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5444] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... mmap resumed>) = 0x7f4378b51000 [pid 5443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5442] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5444] fallocate(4, 0, 35143, 7 [pid 5442] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... write resumed>) = 262144 [pid 5443] munmap(0x7f4378b51000, 262144) = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5444] <... fallocate resumed>) = 0 [pid 5444] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... openat resumed>) = 5 [pid 5442] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5443] ioctl(5, LOOP_SET_FD, 3 [pid 5444] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5442] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... mount resumed>) = 0 [pid 5444] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... ioctl resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5444] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] close(3 [pid 5442] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... close resumed>) = 0 [pid 5442] <... futex resumed>) = 0 [pid 5444] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5443] mkdir("./file1", 0777 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... open resumed>) = 3 [pid 5443] <... mkdir resumed>) = 0 [pid 5444] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5444] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] <... futex resumed>) = 0 [pid 5444] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5442] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5444] <... write resumed>) = 262144 [pid 5444] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5444] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5443] ioctl(5, LOOP_CLR_FD) = 0 [pid 5443] close(5) = 0 [pid 5443] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] exit_group(0 [pid 5443] <... futex resumed>) = ? [pid 5442] <... exit_group resumed>) = ? [pid 5443] +++ exited with 0 +++ [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5445 attached , child_tidptr=0x555556e0f690) = 5445 [pid 5445] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5445] chdir("./108") = 0 [pid 5445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5445] setpgid(0, 0) = 0 [pid 5445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5445] write(3, "1000", 4) = 4 [pid 5445] close(3) = 0 [pid 5445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5445] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.166839][ T5443] loop0: detected capacity change from 0 to 512 [ 58.182878][ T5443] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5445] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5445] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5446 attached => {parent_tid=[5446]}, 88) = 5446 [pid 5446] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... rseq resumed>) = 0 [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] set_robust_list(0x7f4380f929a0, 24 [pid 5445] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... set_robust_list resumed>) = 0 [pid 5445] <... futex resumed>) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5445] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] <... futex resumed>) = 0 [pid 5446] memfd_create("syzkaller", 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5446] <... memfd_create resumed>) = 3 [pid 5445] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5445] <... mprotect resumed>) = 0 [pid 5446] <... mmap resumed>) = 0x7f4378b51000 [pid 5446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5447 attached [pid 5447] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5445] <... clone3 resumed> => {parent_tid=[5447]}, 88) = 5447 [pid 5447] <... rseq resumed>) = 0 [pid 5447] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5445] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5446] <... write resumed>) = 262144 [pid 5446] munmap(0x7f4378b51000, 262144) = 0 [pid 5446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5446] ioctl(5, LOOP_SET_FD, 3 [pid 5447] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... ioctl resumed>) = 0 [pid 5446] close(3) = 0 [pid 5447] <... futex resumed>) = 1 [pid 5446] mkdir("./file1", 0777 [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] fallocate(4, 0, 35143, 7 [pid 5446] <... mkdir resumed>) = 0 [pid 5446] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5447] <... fallocate resumed>) = 0 [pid 5447] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [pid 5447] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5445] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... mount resumed>) = 0 [pid 5447] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5447] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... open resumed>) = 3 [pid 5447] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5447] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... write resumed>) = 262144 [pid 5447] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... futex resumed>) = 0 [pid 5446] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5446] ioctl(5, LOOP_CLR_FD) = 0 [pid 5446] close(5) = 0 [pid 5446] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5446] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5445] <... exit_group resumed>) = ? [pid 5446] +++ exited with 0 +++ [pid 5445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5445, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5448 ./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5448] chdir("./109") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5448] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5449 attached [pid 5449] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5449] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5449] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... clone3 resumed> => {parent_tid=[5449]}, 88) = 5449 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5448] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = 1 [pid 5449] memfd_create("syzkaller", 0) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... mmap resumed>) = 0x7f4378b72000 [pid 5448] <... futex resumed>) = 0 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5448] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5450 attached [pid 5450] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5448] <... clone3 resumed> => {parent_tid=[5450]}, 88) = 5450 [pid 5450] <... rseq resumed>) = 0 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5448] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5448] <... futex resumed>) = 0 [pid 5450] <... open resumed>) = 4 [pid 5450] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] <... write resumed>) = 262144 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.237563][ T5446] loop0: detected capacity change from 0 to 512 [ 58.257095][ T5446] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5449] munmap(0x7f4378b72000, 262144 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] <... munmap resumed>) = 0 [pid 5448] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5449] ioctl(5, LOOP_SET_FD, 3 [pid 5450] <... futex resumed>) = 0 [pid 5450] fallocate(4, 0, 35143, 7 [pid 5449] <... ioctl resumed>) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./file1", 0777) = 0 [pid 5449] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5450] <... fallocate resumed>) = 0 [pid 5450] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5450] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5448] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5448] <... futex resumed>) = 0 [pid 5450] <... open resumed>) = 3 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5450] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = 0 [pid 5449] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5449] ioctl(5, LOOP_CLR_FD) = 0 [pid 5449] close(5) = 0 [pid 5449] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] exit_group(0 [pid 5450] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] <... futex resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5451 ./strace-static-x86_64: Process 5451 attached [pid 5451] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5451] chdir("./110") = 0 [pid 5451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5451] setpgid(0, 0) = 0 [pid 5451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5451] write(3, "1000", 4) = 4 [pid 5451] close(3) = 0 [pid 5451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5451] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5451] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5452]}, 88) = 5452 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5451] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5452 attached [pid 5451] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5451] <... futex resumed>) = 0 [pid 5452] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5451] <... mmap resumed>) = 0x7f4380f51000 [pid 5451] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5452] memfd_create("syzkaller", 0) = 3 [pid 5451] <... mprotect resumed>) = 0 [pid 5452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5453]}, 88) = 5453 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5453 attached [pid 5451] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5453] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5453] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5452] <... write resumed>) = 262144 [pid 5453] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] munmap(0x7f4378b51000, 262144 [pid 5453] fallocate(4, 0, 35143, 7 [pid 5451] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... munmap resumed>) = 0 [pid 5451] <... futex resumed>) = 0 [ 58.320056][ T5449] loop0: detected capacity change from 0 to 512 [ 58.337415][ T5449] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5451] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5452] ioctl(5, LOOP_SET_FD, 3 [pid 5453] <... fallocate resumed>) = 0 [pid 5453] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5453] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5453] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5451] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... ioctl resumed>) = 0 [pid 5453] <... mount resumed>) = 0 [pid 5452] close(3 [pid 5453] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... close resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5453] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5453] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5451] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] mkdir("./file1", 0777 [pid 5453] <... open resumed>) = 3 [pid 5453] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5453] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] <... mkdir resumed>) = 0 [pid 5451] <... futex resumed>) = 0 [pid 5453] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5451] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5453] <... write resumed>) = 262144 [pid 5453] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5453] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5452] ioctl(5, LOOP_CLR_FD) = 0 [pid 5452] close(5) = 0 [pid 5452] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] exit_group(0) = ? [pid 5452] <... futex resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5453] <... futex resumed>) = ? [pid 5453] +++ exited with 0 +++ [pid 5451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5451, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5454 ./strace-static-x86_64: Process 5454 attached [pid 5454] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5454] chdir("./111") = 0 [pid 5454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5454] setpgid(0, 0) = 0 [pid 5454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5454] write(3, "1000", 4) = 4 [pid 5454] close(3) = 0 [pid 5454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5454] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5454] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5455 attached => {parent_tid=[5455]}, 88) = 5455 [pid 5455] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5454] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5454] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5456 attached [pid 5455] memfd_create("syzkaller", 0 [pid 5454] <... clone3 resumed> => {parent_tid=[5456]}, 88) = 5456 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... memfd_create resumed>) = 3 [pid 5456] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5456] <... rseq resumed>) = 0 [pid 5455] <... mmap resumed>) = 0x7f4378b51000 [pid 5456] set_robust_list(0x7f4380f719a0, 24 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... set_robust_list resumed>) = 0 [pid 5455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5455] <... write resumed>) = 262144 [pid 5455] munmap(0x7f4378b51000, 262144 [pid 5456] <... open resumed>) = 4 [pid 5456] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] <... munmap resumed>) = 0 [pid 5456] fallocate(4, 0, 35143, 7 [pid 5455] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5454] <... futex resumed>) = 0 [pid 5455] <... openat resumed>) = 5 [pid 5455] ioctl(5, LOOP_SET_FD, 3 [ 58.399494][ T5452] loop0: detected capacity change from 0 to 512 [ 58.418566][ T5452] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5454] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... fallocate resumed>) = 0 [pid 5456] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5454] <... futex resumed>) = 0 [pid 5456] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5454] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... mount resumed>) = 0 [pid 5455] <... ioctl resumed>) = 0 [pid 5456] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5454] <... futex resumed>) = 0 [pid 5456] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5454] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... open resumed>) = 6 [pid 5456] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5454] <... futex resumed>) = 0 [pid 5455] close(3) = 0 [pid 5455] mkdir("./file1", 0777) = 0 [pid 5455] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5454] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... write resumed>) = 262144 [pid 5456] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5455] ioctl(5, LOOP_CLR_FD) = 0 [pid 5455] close(5) = 0 [pid 5455] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] exit_group(0 [pid 5455] <... futex resumed>) = ? [pid 5456] <... futex resumed>) = ? [pid 5454] <... exit_group resumed>) = ? [pid 5455] +++ exited with 0 +++ [pid 5456] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5454, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5457 attached , child_tidptr=0x555556e0f690) = 5457 [pid 5457] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5457] chdir("./112") = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5457] setpgid(0, 0) = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5457] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5458 attached => {parent_tid=[5458]}, 88) = 5458 [pid 5458] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] <... rseq resumed>) = 0 [pid 5457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] set_robust_list(0x7f4380f929a0, 24 [pid 5457] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... set_robust_list resumed>) = 0 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] <... futex resumed>) = 0 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] memfd_create("syzkaller", 0 [pid 5457] <... futex resumed>) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5458] <... memfd_create resumed>) = 3 [pid 5457] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5457] <... mprotect resumed>) = 0 [pid 5458] <... mmap resumed>) = 0x7f4378b51000 [pid 5457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5459]}, 88) = 5459 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5457] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5458] munmap(0x7f4378b51000, 262144) = 0 [pid 5458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5458] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5459 attached [ 58.476318][ T5455] loop0: detected capacity change from 0 to 512 [ 58.493405][ T5455] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5459] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5459] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5458] <... ioctl resumed>) = 0 [pid 5458] close(3) = 0 [pid 5458] mkdir("./file1", 0777) = 0 [pid 5458] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5459] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5459] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5459] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5459] fallocate(3, 0, 35143, 7) = 0 [pid 5459] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5459] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5459] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5457] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5459] <... futex resumed>) = 0 [pid 5459] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5457] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... open resumed>) = 5 [pid 5459] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5459] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5459] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5457] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... write resumed>) = 262144 [pid 5459] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] <... futex resumed>) = 0 [ 58.531590][ T5458] loop0: detected capacity change from 0 to 512 [ 58.551527][ T5458] EXT4-fs (loop0): 1 orphan inode deleted [ 58.557850][ T5458] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5458] <... mount resumed>) = 0 [pid 5458] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5458] chdir("./file1") = 0 [pid 5458] ioctl(4, LOOP_CLR_FD) = 0 [pid 5458] close(4) = 0 [pid 5458] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] exit_group(0) = ? [pid 5458] <... futex resumed>) = ? [pid 5458] +++ exited with 0 +++ [pid 5459] <... futex resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5457, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 58.570626][ T5458] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/112/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5462 ./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5462] chdir("./113") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5462] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5463]}, 88) = 5463 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5462] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5463 attached [pid 5463] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5462] <... mprotect resumed>) = 0 [pid 5463] <... rseq resumed>) = 0 [pid 5463] set_robust_list(0x7f4380f929a0, 24 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5463] <... set_robust_list resumed>) = 0 [pid 5462] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5463] memfd_create("syzkaller", 0 [pid 5462] <... clone3 resumed> => {parent_tid=[5464]}, 88) = 5464 [pid 5463] <... memfd_create resumed>) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5464 attached [pid 5463] <... mmap resumed>) = 0x7f4378b51000 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5464] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5462] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... rseq resumed>) = 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... write resumed>) = 262144 [pid 5464] set_robust_list(0x7f4380f719a0, 24 [pid 5463] munmap(0x7f4378b51000, 262144 [pid 5464] <... set_robust_list resumed>) = 0 [pid 5463] <... munmap resumed>) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 58.608105][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.618125][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 58.628021][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5463] ioctl(5, LOOP_SET_FD, 3 [pid 5464] <... open resumed>) = 4 [pid 5464] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5464] fallocate(4, 0, 35143, 7 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... ioctl resumed>) = 0 [pid 5463] close(3) = 0 [pid 5463] mkdir("./file1", 0777) = 0 [pid 5463] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5464] <... fallocate resumed>) = 0 [pid 5464] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... futex resumed>) = 1 [pid 5464] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5464] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... futex resumed>) = 1 [pid 5464] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5464] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... futex resumed>) = 1 [pid 5464] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5464] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = 1 [pid 5464] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] <... mount resumed>) = 0 [pid 5463] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5463] chdir("./file1") = 0 [pid 5463] ioctl(5, LOOP_CLR_FD) = 0 [pid 5463] close(5) = 0 [pid 5463] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] exit_group(0) = ? [pid 5464] <... futex resumed>) = ? [pid 5463] <... futex resumed>) = ? [pid 5464] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 [ 58.673774][ T5463] loop0: detected capacity change from 0 to 512 [ 58.698514][ T5463] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.710737][ T5463] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/113/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5467] chdir("./114") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5467] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5468 attached => {parent_tid=[5468]}, 88) = 5468 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5468] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] memfd_create("syzkaller", 0 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... memfd_create resumed>) = 3 [pid 5468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5467] <... futex resumed>) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5467] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5468] <... write resumed>) = 262144 [pid 5467] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5468] munmap(0x7f4378b72000, 262144 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5469 attached [pid 5469] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5467] <... clone3 resumed> => {parent_tid=[5469]}, 88) = 5469 [pid 5469] <... rseq resumed>) = 0 [pid 5469] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5469] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... munmap resumed>) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5469] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5468] <... openat resumed>) = 4 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... open resumed>) = 5 [ 58.739586][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5469] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] ioctl(4, LOOP_SET_FD, 3 [pid 5467] <... futex resumed>) = 0 [pid 5469] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5469] fallocate(5, 0, 35143, 7 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... ioctl resumed>) = 0 [pid 5468] close(3) = 0 [pid 5468] mkdir("./file1", 0777) = 0 [pid 5468] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5469] <... fallocate resumed>) = 0 [pid 5469] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5469] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5469] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5467] <... futex resumed>) = 0 [pid 5469] <... open resumed>) = 3 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5469] <... futex resumed>) = 1 [pid 5467] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... write resumed>) = 262144 [pid 5469] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5469] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] exit_group(0 [pid 5469] <... futex resumed>) = ? [pid 5468] <... futex resumed>) = ? [pid 5468] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ [pid 5467] <... exit_group resumed>) = ? [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5470 attached , child_tidptr=0x555556e0f690) = 5470 [pid 5470] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5470] chdir("./115") = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5470] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5470] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5471 attached => {parent_tid=[5471]}, 88) = 5471 [pid 5471] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5470] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] set_robust_list(0x7f4380f929a0, 24 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... set_robust_list resumed>) = 0 [pid 5470] <... futex resumed>) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] <... mmap resumed>) = 0x7f4380f51000 [pid 5471] memfd_create("syzkaller", 0 [pid 5470] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5471] <... memfd_create resumed>) = 3 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5472 attached ) = 0x7f4378b51000 [pid 5470] <... clone3 resumed> => {parent_tid=[5472]}, 88) = 5472 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5470] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5472] set_robust_list(0x7f4380f719a0, 24 [pid 5470] <... futex resumed>) = 0 [pid 5472] <... set_robust_list resumed>) = 0 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5472] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5472] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5470] <... futex resumed>) = 1 [pid 5472] fallocate(4, 0, 35143, 7 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... write resumed>) = 262144 [pid 5471] munmap(0x7f4378b51000, 262144) = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5471] ioctl(5, LOOP_SET_FD, 3 [pid 5472] <... fallocate resumed>) = 0 [pid 5472] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5472] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5470] <... futex resumed>) = 0 [pid 5472] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [ 58.788421][ T5468] loop0: detected capacity change from 0 to 512 [ 58.807270][ T5468] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... mount resumed>) = 0 [pid 5472] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5471] <... ioctl resumed>) = 0 [pid 5471] close(3 [pid 5472] <... open resumed>) = 6 [pid 5471] <... close resumed>) = 0 [pid 5472] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5470] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5470] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] mkdir("./file1", 0777) = 0 [pid 5471] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5472] <... write resumed>) = 262144 [pid 5472] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5472] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5471] ioctl(5, LOOP_CLR_FD) = 0 [pid 5471] close(5) = 0 [pid 5471] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] exit_group(0 [pid 5471] <... futex resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5472] <... futex resumed>) = ? [pid 5472] +++ exited with 0 +++ [pid 5470] <... exit_group resumed>) = ? [pid 5470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5470, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5473] chdir("./116") = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5473 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5473] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5474 attached [pid 5474] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5473] <... clone3 resumed> => {parent_tid=[5474]}, 88) = 5474 [pid 5474] <... rseq resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] set_robust_list(0x7f4380f929a0, 24 [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] <... set_robust_list resumed>) = 0 [pid 5473] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] <... futex resumed>) = 0 [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] memfd_create("syzkaller", 0 [pid 5473] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5474] <... memfd_create resumed>) = 3 [pid 5473] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5473] <... mprotect resumed>) = 0 [pid 5474] <... mmap resumed>) = 0x7f4378b51000 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5473] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5475 attached => {parent_tid=[5475]}, 88) = 5475 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5473] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.865544][ T5471] loop0: detected capacity change from 0 to 512 [ 58.894552][ T5471] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5475] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5475] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5474] <... write resumed>) = 262144 [pid 5474] munmap(0x7f4378b51000, 262144 [pid 5475] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] fallocate(4, 0, 35143, 7 [pid 5474] <... munmap resumed>) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5474] ioctl(5, LOOP_SET_FD, 3 [pid 5475] <... fallocate resumed>) = 0 [pid 5475] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... ioctl resumed>) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5474] close(3 [pid 5473] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... close resumed>) = 0 [pid 5475] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5475] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5474] mkdir("./file1", 0777 [pid 5473] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... mount resumed>) = 0 [pid 5474] <... mkdir resumed>) = 0 [pid 5474] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5475] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5475] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5475] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5473] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... open resumed>) = 3 [pid 5475] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5475] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 0 [pid 5475] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5475] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5475] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5474] ioctl(5, LOOP_CLR_FD) = 0 [pid 5474] close(5) = 0 [pid 5474] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] exit_group(0 [pid 5475] <... futex resumed>) = ? [pid 5473] <... exit_group resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5474] <... futex resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 58.951668][ T5474] loop0: detected capacity change from 0 to 512 [ 58.963712][ T5474] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 58.975038][ T5474] EXT4-fs (loop0): group descriptors corrupted! clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5476] chdir("./117") = 0 [pid 5476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5476] setpgid(0, 0) = 0 [pid 5476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5476] write(3, "1000", 4) = 4 [pid 5476] close(3) = 0 [pid 5476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5476] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5476] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5477 attached => {parent_tid=[5477]}, 88) = 5477 [pid 5477] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] set_robust_list(0x7f4380f929a0, 24 [pid 5476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] <... set_robust_list resumed>) = 0 [pid 5476] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5476] <... futex resumed>) = 0 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5476 [pid 5477] memfd_create("syzkaller", 0 [pid 5476] <... futex resumed>) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5476] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5477] <... memfd_create resumed>) = 3 [pid 5476] <... mprotect resumed>) = 0 [pid 5477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5477] <... mmap resumed>) = 0x7f4378b51000 [pid 5476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5478 attached => {parent_tid=[5478]}, 88) = 5478 [pid 5478] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5478] <... rseq resumed>) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5476] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5478] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5478] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5478] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] fallocate(4, 0, 35143, 7 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... write resumed>) = 262144 [pid 5477] munmap(0x7f4378b51000, 262144) = 0 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5477] ioctl(5, LOOP_SET_FD, 3 [pid 5478] <... fallocate resumed>) = 0 [pid 5478] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... ioctl resumed>) = 0 [pid 5476] <... futex resumed>) = 0 [pid 5477] close(3 [pid 5476] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... close resumed>) = 0 [pid 5478] <... futex resumed>) = 0 [pid 5477] mkdir("./file1", 0777 [pid 5476] <... futex resumed>) = 1 [pid 5478] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5478] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... mkdir resumed>) = 0 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... futex resumed>) = 0 [pid 5477] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5478] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5476] <... futex resumed>) = 1 [pid 5478] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... write resumed>) = 262144 [pid 5478] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [ 59.049266][ T5477] loop0: detected capacity change from 0 to 512 [ 59.067357][ T5479] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 59.067968][ T5477] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 59.092239][ T5477] EXT4-fs (loop0): get root inode failed [pid 5478] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5477] ioctl(5, LOOP_CLR_FD) = 0 [pid 5477] close(5) = 0 [pid 5477] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] exit_group(0 [pid 5478] <... futex resumed>) = ? [pid 5477] <... futex resumed>) = ? [pid 5476] <... exit_group resumed>) = ? [pid 5478] +++ exited with 0 +++ [pid 5477] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5476, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5481 ./strace-static-x86_64: Process 5481 attached [ 59.097905][ T5477] EXT4-fs (loop0): mount failed [pid 5481] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5481] chdir("./118") = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5481] setpgid(0, 0) = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5481] write(3, "1000", 4) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5481] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5481] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5482 attached => {parent_tid=[5482]}, 88) = 5482 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] <... rseq resumed>) = 0 [pid 5482] set_robust_list(0x7f4380f929a0, 24 [pid 5481] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... set_robust_list resumed>) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5481] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5482] memfd_create("syzkaller", 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5482] <... memfd_create resumed>) = 3 [pid 5481] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5483 attached [pid 5481] <... clone3 resumed> => {parent_tid=[5483]}, 88) = 5483 [pid 5483] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5483] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5481] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5483] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5481] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... open resumed>) = 4 [pid 5483] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... write resumed>) = 262144 [pid 5483] <... futex resumed>) = 0 [pid 5483] fallocate(4, 0, 35143, 7 [pid 5482] munmap(0x7f4378b51000, 262144) = 0 [pid 5482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5482] ioctl(5, LOOP_SET_FD, 3 [pid 5483] <... fallocate resumed>) = 0 [pid 5483] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... ioctl resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5483] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] close(3 [pid 5483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] <... close resumed>) = 0 [pid 5481] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5482] mkdir("./file1", 0777 [pid 5483] <... mount resumed>) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5483] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] <... mkdir resumed>) = 0 [pid 5481] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5482] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5481] <... futex resumed>) = 1 [pid 5483] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5481] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... open resumed>) = 3 [pid 5483] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5483] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5481] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... write resumed>) = 262144 [pid 5483] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5483] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5482] ioctl(5, LOOP_CLR_FD) = 0 [pid 5482] close(5) = 0 [pid 5482] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] exit_group(0 [pid 5483] <... futex resumed>) = ? [pid 5481] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ [pid 5481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5481, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5485 ./strace-static-x86_64: Process 5485 attached [pid 5485] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5485] chdir("./119") = 0 [pid 5485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5485] setpgid(0, 0) = 0 [pid 5485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5485] write(3, "1000", 4) = 4 [pid 5485] close(3) = 0 [pid 5485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5485] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5485] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5486 attached => {parent_tid=[5486]}, 88) = 5486 [pid 5486] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], [pid 5486] set_robust_list(0x7f4380f929a0, 24 [pid 5485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... set_robust_list resumed>) = 0 [pid 5485] <... futex resumed>) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5485] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] <... futex resumed>) = 0 [pid 5486] memfd_create("syzkaller", 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5485] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5486] <... memfd_create resumed>) = 3 [ 59.163582][ T5482] loop0: detected capacity change from 0 to 512 [ 59.175569][ T5482] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 59.190628][ T5482] EXT4-fs (loop0): get root inode failed [ 59.196604][ T5482] EXT4-fs (loop0): mount failed [pid 5485] <... mprotect resumed>) = 0 [pid 5486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5487 attached [pid 5487] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5485] <... clone3 resumed> => {parent_tid=[5487]}, 88) = 5487 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5485] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... rseq resumed>) = 0 [pid 5487] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] <... write resumed>) = 262144 [pid 5486] munmap(0x7f4378b51000, 262144 [pid 5487] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5486] <... munmap resumed>) = 0 [pid 5486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5486] ioctl(5, LOOP_SET_FD, 3 [pid 5487] <... open resumed>) = 4 [pid 5487] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... ioctl resumed>) = 0 [pid 5485] <... futex resumed>) = 0 [pid 5486] close(3 [pid 5485] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... close resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5487] fallocate(4, 0, 35143, 7 [pid 5485] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] mkdir("./file1", 0777) = 0 [pid 5486] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5487] <... fallocate resumed>) = 0 [pid 5487] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5487] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] <... futex resumed>) = 0 [pid 5487] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5485] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... mount resumed>) = 0 [pid 5487] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5487] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5485] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] <... futex resumed>) = 0 [pid 5485] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... write resumed>) = 262144 [pid 5487] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5487] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5486] ioctl(5, LOOP_CLR_FD) = 0 [pid 5486] close(5) = 0 [pid 5486] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] exit_group(0 [pid 5487] <... futex resumed>) = ? [pid 5486] <... futex resumed>) = ? [pid 5487] +++ exited with 0 +++ [pid 5486] +++ exited with 0 +++ [pid 5485] <... exit_group resumed>) = ? [pid 5485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5485, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/bus") = 0 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5488 attached [pid 5488] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5488 [pid 5488] <... set_robust_list resumed>) = 0 [pid 5488] chdir("./120") = 0 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5488] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5488] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5489 attached [pid 5489] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5488] <... clone3 resumed> => {parent_tid=[5489]}, 88) = 5489 [pid 5489] <... rseq resumed>) = 0 [ 59.253044][ T5486] loop0: detected capacity change from 0 to 512 [ 59.277380][ T5486] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5489] set_robust_list(0x7f4380f929a0, 24 [pid 5488] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... set_robust_list resumed>) = 0 [pid 5488] <... futex resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] <... futex resumed>) = 0 [pid 5489] memfd_create("syzkaller", 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5489] <... memfd_create resumed>) = 3 [pid 5488] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5488] <... mprotect resumed>) = 0 [pid 5489] <... mmap resumed>) = 0x7f4378b51000 [pid 5488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5490 attached => {parent_tid=[5490]}, 88) = 5490 [pid 5490] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5490] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5488] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5488] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... open resumed>) = 4 [pid 5490] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5488] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] fallocate(4, 0, 35143, 7 [pid 5488] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... write resumed>) = 262144 [pid 5489] munmap(0x7f4378b51000, 262144) = 0 [pid 5489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5489] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5489] close(3) = 0 [pid 5489] mkdir("./file1", 0777 [pid 5490] <... fallocate resumed>) = 0 [pid 5490] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5488] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... mkdir resumed>) = 0 [pid 5490] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5488] <... futex resumed>) = 0 [pid 5490] <... mount resumed>) = 0 [pid 5489] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5490] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5488] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5488] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... open resumed>) = 3 [pid 5490] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5490] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5488] <... futex resumed>) = 0 [pid 5490] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5488] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... write resumed>) = 262144 [pid 5490] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] <... futex resumed>) = 0 [pid 5489] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5489] ioctl(5, LOOP_CLR_FD) = 0 [pid 5489] close(5) = 0 [pid 5489] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] exit_group(0 [pid 5489] <... futex resumed>) = ? [pid 5490] <... futex resumed>) = ? [pid 5490] +++ exited with 0 +++ [pid 5489] +++ exited with 0 +++ [pid 5488] <... exit_group resumed>) = ? [pid 5488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5488, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/bus") = 0 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.345162][ T5489] loop0: detected capacity change from 0 to 512 [ 59.358631][ T5491] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 59.358675][ T5489] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 59.371881][ T5489] EXT4-fs (loop0): get root inode failed [ 59.389061][ T5489] EXT4-fs (loop0): mount failed ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5493 attached , child_tidptr=0x555556e0f690) = 5493 [pid 5493] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5493] chdir("./121") = 0 [pid 5493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5493] setpgid(0, 0) = 0 [pid 5493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5493] write(3, "1000", 4) = 4 [pid 5493] close(3) = 0 [pid 5493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5493] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5493] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5494 attached => {parent_tid=[5494]}, 88) = 5494 [pid 5494] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5494] <... rseq resumed>) = 0 [pid 5493] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5493] <... futex resumed>) = 0 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5493] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5494] memfd_create("syzkaller", 0) = 3 [pid 5494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5493] <... mmap resumed>) = 0x7f4380f51000 [pid 5494] <... mmap resumed>) = 0x7f4378b51000 [pid 5493] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5494] <... write resumed>) = 262144 [pid 5493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5494] munmap(0x7f4378b51000, 262144 [pid 5493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5495]}, 88) = 5495 ./strace-static-x86_64: Process 5495 attached [pid 5494] <... munmap resumed>) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5493] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5494] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5495] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5494] <... openat resumed>) = 4 [pid 5495] <... open resumed>) = 5 [pid 5494] ioctl(4, LOOP_SET_FD, 3 [pid 5495] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] fallocate(5, 0, 35143, 7 [pid 5493] <... futex resumed>) = 1 [pid 5493] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... ioctl resumed>) = 0 [pid 5494] close(3) = 0 [pid 5494] mkdir("./file1", 0777 [pid 5495] <... fallocate resumed>) = 0 [pid 5495] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... mkdir resumed>) = 0 [pid 5495] <... futex resumed>) = 0 [pid 5493] <... futex resumed>) = 1 [pid 5495] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5494] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5493] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... mount resumed>) = 0 [pid 5495] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5495] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... futex resumed>) = 0 [pid 5495] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5493] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... open resumed>) = 3 [pid 5495] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5495] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... futex resumed>) = 0 [pid 5495] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5493] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... write resumed>) = 262144 [pid 5495] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5495] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5494] ioctl(4, LOOP_CLR_FD) = 0 [pid 5494] close(4) = 0 [pid 5494] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] exit_group(0 [pid 5495] <... futex resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5493] <... exit_group resumed>) = ? [pid 5494] <... futex resumed>) = ? [pid 5494] +++ exited with 0 +++ [pid 5493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5493, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/bus") = 0 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 59.459768][ T5494] loop0: detected capacity change from 0 to 512 [ 59.488268][ T5494] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5496 attached , child_tidptr=0x555556e0f690) = 5496 [pid 5496] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5496] chdir("./122") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5496] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5497 attached => {parent_tid=[5497]}, 88) = 5497 [pid 5497] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5497] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5497] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5496] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] memfd_create("syzkaller", 0 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] <... memfd_create resumed>) = 3 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5496] <... mmap resumed>) = 0x7f4380f51000 [pid 5497] <... mmap resumed>) = 0x7f4378b51000 [pid 5496] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5498 attached => {parent_tid=[5498]}, 88) = 5498 [pid 5498] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5498] <... rseq resumed>) = 0 [pid 5498] set_robust_list(0x7f4380f719a0, 24 [pid 5497] <... write resumed>) = 262144 [pid 5498] <... set_robust_list resumed>) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5496] <... futex resumed>) = 0 [pid 5497] munmap(0x7f4378b51000, 262144 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... open resumed>) = 4 [pid 5497] <... munmap resumed>) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5498] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] ioctl(5, LOOP_SET_FD, 3 [pid 5498] <... futex resumed>) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] fallocate(4, 0, 35143, 7 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... ioctl resumed>) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./file1", 0777) = 0 [pid 5497] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5498] <... fallocate resumed>) = 0 [pid 5498] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5498] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5496] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5496] <... futex resumed>) = 0 [pid 5498] <... open resumed>) = 3 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... futex resumed>) = 1 [pid 5498] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5498] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [ 59.562362][ T5497] loop0: detected capacity change from 0 to 512 [ 59.577895][ T5499] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 59.579838][ T5497] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 59.603090][ T5497] EXT4-fs (loop0): get root inode failed [pid 5498] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5497] ioctl(5, LOOP_CLR_FD) = 0 [pid 5497] close(5) = 0 [pid 5497] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] exit_group(0 [pid 5498] <... futex resumed>) = ? [pid 5496] <... exit_group resumed>) = ? [pid 5498] +++ exited with 0 +++ [pid 5497] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/bus") = 0 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5501 ./strace-static-x86_64: Process 5501 attached [pid 5501] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5501] chdir("./123") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5501] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5502]}, 88) = 5502 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5501] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [ 59.608779][ T5497] EXT4-fs (loop0): mount failed [pid 5501] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5503 attached [pid 5503] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5501] <... clone3 resumed> => {parent_tid=[5503]}, 88) = 5503 [pid 5503] <... rseq resumed>) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], [pid 5503] set_robust_list(0x7f4380f719a0, 24 [pid 5501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] <... set_robust_list resumed>) = 0 [pid 5501] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] <... futex resumed>) = 0 [pid 5503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5503] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5503] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5501] <... futex resumed>) = 0 [pid 5503] fallocate(3, 0, 35143, 7 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5502 attached [pid 5502] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5502] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5502] memfd_create("syzkaller", 0) = 4 [pid 5502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5503] <... fallocate resumed>) = 0 [pid 5503] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5502] <... mmap resumed>) = 0x7f4378b51000 [pid 5501] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5503] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5503] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5501] <... futex resumed>) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5501] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5503] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5503] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... write resumed>) = 262144 [pid 5502] munmap(0x7f4378b51000, 262144) = 0 [pid 5502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5502] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5502] close(4) = 0 [pid 5502] mkdir("./file1", 0777) = 0 [ 59.665647][ T5502] loop0: detected capacity change from 0 to 512 [ 59.690851][ T5502] EXT4-fs (loop0): 1 orphan inode deleted [ 59.696563][ T5502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5502] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5502] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5502] chdir("./file1") = 0 [pid 5502] ioctl(6, LOOP_CLR_FD) = 0 [pid 5502] close(6) = 0 [pid 5502] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] exit_group(0) = ? [pid 5503] <... futex resumed>) = ? [pid 5502] <... futex resumed>) = ? [pid 5503] +++ exited with 0 +++ [pid 5502] +++ exited with 0 +++ [pid 5501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5501, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/bus") = 0 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5507 ./strace-static-x86_64: Process 5507 attached [pid 5507] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5507] chdir("./124") = 0 [pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5507] setpgid(0, 0) = 0 [pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5507] write(3, "1000", 4) = 4 [pid 5507] close(3) = 0 [pid 5507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5507] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5507] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5508 attached [pid 5508] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5507] <... clone3 resumed> => {parent_tid=[5508]}, 88) = 5508 [pid 5508] <... rseq resumed>) = 0 [pid 5508] set_robust_list(0x7f4380f929a0, 24 [ 59.709184][ T5502] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/123/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.748270][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... set_robust_list resumed>) = 0 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] <... futex resumed>) = 0 [pid 5508] memfd_create("syzkaller", 0 [pid 5507] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5507] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5508] <... memfd_create resumed>) = 3 [pid 5508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5507] <... mprotect resumed>) = 0 [pid 5508] <... mmap resumed>) = 0x7f4378b51000 [pid 5508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5508] <... write resumed>) = 262144 [pid 5507] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5508] munmap(0x7f4378b51000, 262144 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5508] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5509 attached [pid 5509] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5507] <... clone3 resumed> => {parent_tid=[5509]}, 88) = 5509 [pid 5508] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5509] <... rseq resumed>) = 0 [pid 5509] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5509] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... openat resumed>) = 4 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] close(3 [pid 5507] <... futex resumed>) = 1 [pid 5509] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5508] <... close resumed>) = 0 [pid 5507] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... open resumed>) = 5 [pid 5508] mkdir("./file1", 0777 [pid 5509] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... mkdir resumed>) = 0 [pid 5509] <... futex resumed>) = 1 [pid 5508] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5507] <... futex resumed>) = 0 [pid 5509] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5507] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] fallocate(5, 0, 35143, 7) = 0 [pid 5509] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5509] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5507] <... futex resumed>) = 0 [pid 5509] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5507] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... mount resumed>) = 0 [pid 5509] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5509] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5507] <... futex resumed>) = 0 [pid 5509] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5507] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... open resumed>) = 3 [pid 5509] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] <... futex resumed>) = 1 [pid 5507] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5509] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] <... futex resumed>) = 0 [pid 5508] <... mount resumed>) = 0 [pid 5508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5508] chdir("./file1") = 0 [pid 5508] ioctl(4, LOOP_CLR_FD) = 0 [pid 5508] close(4) = 0 [pid 5508] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] exit_group(0 [pid 5509] <... futex resumed>) = ? [pid 5509] +++ exited with 0 +++ [pid 5508] <... futex resumed>) = ? [pid 5507] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ [pid 5507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5507, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 59.814025][ T5508] loop0: detected capacity change from 0 to 512 [ 59.830289][ T5508] EXT4-fs (loop0): 1 orphan inode deleted [ 59.836849][ T5508] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.850253][ T5508] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/124/file1 supports timestamps until 2038-01-19 (0x7fffffff) unlink("./124/bus") = 0 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5512 attached , child_tidptr=0x555556e0f690) = 5512 [pid 5512] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5512] chdir("./125") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5512] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5513]}, 88) = 5513 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5512] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 ./strace-static-x86_64: Process 5513 attached [pid 5513] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5512] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5513] <... rseq resumed>) = 0 [pid 5513] set_robust_list(0x7f4380f929a0, 24 [pid 5512] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5513] <... set_robust_list resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5514 attached [pid 5512] <... clone3 resumed> => {parent_tid=[5514]}, 88) = 5514 [pid 5514] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5513] memfd_create("syzkaller", 0 [pid 5514] set_robust_list(0x7f4380f719a0, 24 [pid 5513] <... memfd_create resumed>) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5514] <... set_robust_list resumed>) = 0 [pid 5513] <... mmap resumed>) = 0x7f4378b51000 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5512] <... futex resumed>) = 1 [pid 5514] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5512] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... open resumed>) = 4 [pid 5514] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... futex resumed>) = 1 [pid 5514] fallocate(4, 0, 35143, 7 [pid 5513] <... write resumed>) = 262144 [ 59.881368][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.893152][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 59.903005][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5513] munmap(0x7f4378b51000, 262144 [pid 5514] <... fallocate resumed>) = 0 [pid 5514] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5512] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5512] <... futex resumed>) = 0 [pid 5514] <... mount resumed>) = 0 [pid 5513] <... munmap resumed>) = 0 [pid 5512] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... futex resumed>) = 1 [pid 5514] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5514] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5514] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5512] <... futex resumed>) = 0 [pid 5514] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5512] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5513] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./file1", 0777) = 0 [pid 5513] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5513] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./file1") = 0 [pid 5513] ioctl(6, LOOP_CLR_FD) = 0 [pid 5513] close(6) = 0 [pid 5513] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] exit_group(0 [pid 5514] <... futex resumed>) = ? [pid 5512] <... exit_group resumed>) = ? [pid 5514] +++ exited with 0 +++ [pid 5513] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5512, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/bus") = 0 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 [ 59.966582][ T5513] loop0: detected capacity change from 0 to 512 [ 59.980105][ T5513] EXT4-fs (loop0): 1 orphan inode deleted [ 59.985971][ T5513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.999071][ T5513] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/125/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5517 ./strace-static-x86_64: Process 5517 attached [pid 5517] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5517] chdir("./126") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5517] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5518 attached => {parent_tid=[5518]}, 88) = 5518 [pid 5518] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] set_robust_list(0x7f4380f929a0, 24 [pid 5517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5517] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... set_robust_list resumed>) = 0 [pid 5517] <... futex resumed>) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5517] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] memfd_create("syzkaller", 0 [pid 5517] <... futex resumed>) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5518] <... memfd_create resumed>) = 3 [pid 5517] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5517] <... mprotect resumed>) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5519]}, 88) = 5519 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5519 attached [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5517] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... rseq resumed>) = 0 [pid 5518] <... write resumed>) = 262144 [ 60.047315][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5518] munmap(0x7f4378b51000, 262144 [pid 5519] set_robust_list(0x7f4380f719a0, 24 [pid 5518] <... munmap resumed>) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5519] <... set_robust_list resumed>) = 0 [pid 5518] <... openat resumed>) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] <... ioctl resumed>) = 0 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file1", 0777 [pid 5519] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5518] <... mkdir resumed>) = 0 [pid 5518] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5519] <... open resumed>) = 3 [pid 5519] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5519] fallocate(3, 0, 35143, 7 [pid 5517] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... fallocate resumed>) = 0 [pid 5519] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5519] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5519] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5517] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... mount resumed>) = 0 [pid 5519] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5517] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5519] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5517] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... write resumed>) = 262144 [pid 5519] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [ 60.109724][ T5518] loop0: detected capacity change from 0 to 512 [ 60.129834][ T5520] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 60.135675][ T5518] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [pid 5519] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] exit_group(0) = ? [pid 5519] <... futex resumed>) = ? [pid 5519] +++ exited with 0 +++ [pid 5518] <... futex resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5517, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/bus") = 0 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5522 ./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5522] chdir("./127") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5522] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5523 attached => {parent_tid=[5523]}, 88) = 5523 [pid 5523] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5523] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5523] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] memfd_create("syzkaller", 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5523] <... memfd_create resumed>) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5522] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5523] <... mmap resumed>) = 0x7f4378b51000 [pid 5522] <... mprotect resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 60.155572][ T5518] EXT4-fs (loop0): get root inode failed [ 60.161428][ T5518] EXT4-fs (loop0): mount failed [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5524 attached [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5522] <... clone3 resumed> => {parent_tid=[5524]}, 88) = 5524 [pid 5524] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... write resumed>) = 262144 [pid 5522] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] munmap(0x7f4378b51000, 262144 [pid 5522] <... futex resumed>) = 0 [pid 5524] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5523] <... munmap resumed>) = 0 [pid 5522] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5524] <... open resumed>) = 4 [pid 5523] <... openat resumed>) = 5 [pid 5523] ioctl(5, LOOP_SET_FD, 3 [pid 5524] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... ioctl resumed>) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5524] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] close(3 [pid 5522] <... futex resumed>) = 0 [pid 5524] fallocate(4, 0, 35143, 7 [pid 5523] <... close resumed>) = 0 [pid 5523] mkdir("./file1", 0777 [pid 5522] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... mkdir resumed>) = 0 [pid 5523] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5524] <... fallocate resumed>) = 0 [pid 5524] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5524] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5524] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5524] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5524] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] <... futex resumed>) = 0 [pid 5524] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5522] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... write resumed>) = 262144 [pid 5524] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [ 60.230123][ T5523] loop0: detected capacity change from 0 to 512 [ 60.259587][ T5523] EXT4-fs (loop0): 1 orphan inode deleted [ 60.265312][ T5523] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5524] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... mount resumed>) = 0 [pid 5523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5523] chdir("./file1") = 0 [pid 5523] ioctl(5, LOOP_CLR_FD) = 0 [pid 5523] close(5) = 0 [pid 5523] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] exit_group(0 [pid 5524] <... futex resumed>) = ? [pid 5524] +++ exited with 0 +++ [pid 5522] <... exit_group resumed>) = ? [pid 5523] <... futex resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/bus") = 0 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 60.284518][ T5523] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.322611][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5527 ./strace-static-x86_64: Process 5527 attached [pid 5527] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5527] chdir("./128") = 0 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5527] setpgid(0, 0) = 0 [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5527] write(3, "1000", 4) = 4 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5527] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5527] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5528 attached [pid 5528] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5528] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... clone3 resumed> => {parent_tid=[5528]}, 88) = 5528 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5527] <... futex resumed>) = 1 [pid 5528] memfd_create("syzkaller", 0) = 3 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [ 60.332679][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 60.342367][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5527] <... futex resumed>) = 0 [pid 5528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5527] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 5528] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5529 attached [pid 5527] <... clone3 resumed> => {parent_tid=[5529]}, 88) = 5529 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] munmap(0x7f4378b72000, 262144 [pid 5529] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5528] <... munmap resumed>) = 0 [pid 5528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5528] ioctl(4, LOOP_SET_FD, 3 [pid 5529] <... rseq resumed>) = 0 [pid 5529] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5529] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5528] <... ioctl resumed>) = 0 [pid 5528] close(3) = 0 [pid 5528] mkdir("./file1", 0777) = 0 [pid 5528] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5529] <... open resumed>) = 5 [pid 5529] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5529] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] fallocate(5, 0, 35143, 7) = 0 [pid 5529] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5527] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... mount resumed>) = 0 [pid 5529] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 1 [pid 5529] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5529] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 0 [pid 5529] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [ 60.402124][ T5528] loop0: detected capacity change from 0 to 512 [ 60.422070][ T5528] EXT4-fs (loop0): 1 orphan inode deleted [ 60.431585][ T5528] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5529] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5529] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... mount resumed>) = 0 [pid 5528] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5528] chdir("./file1") = 0 [pid 5528] ioctl(4, LOOP_CLR_FD) = 0 [pid 5528] close(4) = 0 [pid 5528] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] exit_group(0 [pid 5529] <... futex resumed>) = ? [pid 5528] <... futex resumed>) = ? [pid 5527] <... exit_group resumed>) = ? [pid 5529] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5527, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/bus") = 0 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 [ 60.444335][ T5528] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/128/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5532 attached [pid 5532] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5532] chdir("./129") = 0 [pid 5532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5532] setpgid(0, 0) = 0 [pid 5532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5532] write(3, "1000", 4) = 4 [pid 5532] close(3) = 0 [pid 5532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5532] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5532] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5533 attached [pid 5533] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5532] <... clone3 resumed> => {parent_tid=[5533]}, 88) = 5533 [pid 5533] <... rseq resumed>) = 0 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] set_robust_list(0x7f4380f929a0, 24 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] <... set_robust_list resumed>) = 0 [pid 5532] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5532] <... futex resumed>) = 0 [pid 5533] memfd_create("syzkaller", 0 [pid 5532] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5533] <... memfd_create resumed>) = 3 [pid 5532] <... mmap resumed>) = 0x7f4380f51000 [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5532] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5532 [pid 5532] <... clone3 resumed> => {parent_tid=[5534]}, 88) = 5534 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5532] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5534 attached [pid 5533] <... write resumed>) = 262144 [pid 5534] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5533] munmap(0x7f4378b51000, 262144 [pid 5534] <... rseq resumed>) = 0 [pid 5533] <... munmap resumed>) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5534] set_robust_list(0x7f4380f719a0, 24 [pid 5533] <... openat resumed>) = 4 [ 60.487603][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.497820][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 60.507404][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5533] ioctl(4, LOOP_SET_FD, 3 [pid 5534] <... set_robust_list resumed>) = 0 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5533] <... ioctl resumed>) = 0 [pid 5534] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5533] close(3 [pid 5534] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... close resumed>) = 0 [pid 5532] <... futex resumed>) = 0 [pid 5534] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5533] mkdir("./file1", 0777 [pid 5532] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] fallocate(5, 0, 35143, 7 [pid 5532] <... futex resumed>) = 0 [pid 5533] <... mkdir resumed>) = 0 [pid 5532] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5534] <... fallocate resumed>) = 0 [pid 5534] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5534] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5534] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5532] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... mount resumed>) = 0 [pid 5534] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5532] <... futex resumed>) = 1 [pid 5534] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5532] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... open resumed>) = 3 [pid 5534] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5534] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5532] <... futex resumed>) = 0 [pid 5534] <... write resumed>) = 262144 [pid 5532] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] <... futex resumed>) = 0 [ 60.541334][ T5533] loop0: detected capacity change from 0 to 512 [ 60.562141][ T5533] EXT4-fs (loop0): 1 orphan inode deleted [ 60.568449][ T5533] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5534] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] <... mount resumed>) = 0 [pid 5533] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5533] chdir("./file1") = 0 [pid 5533] ioctl(4, LOOP_CLR_FD) = 0 [pid 5533] close(4) = 0 [pid 5533] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] exit_group(0) = ? [pid 5534] <... futex resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5533] <... futex resumed>) = ? [pid 5533] +++ exited with 0 +++ [pid 5532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5532, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/bus") = 0 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 [ 60.581594][ T5533] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.611602][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.621571][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5537 ./strace-static-x86_64: Process 5537 attached [pid 5537] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5537] chdir("./130") = 0 [pid 5537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5537] setpgid(0, 0) = 0 [pid 5537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5537] write(3, "1000", 4) = 4 [pid 5537] close(3) = 0 [pid 5537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5537] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5537] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5538 attached [pid 5538] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5537] <... clone3 resumed> => {parent_tid=[5538]}, 88) = 5538 [pid 5538] <... rseq resumed>) = 0 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 60.631226][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5537] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] set_robust_list(0x7f4380f929a0, 24 [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] <... set_robust_list resumed>) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] <... mmap resumed>) = 0x7f4380f51000 [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5538] memfd_create("syzkaller", 0 [pid 5537] <... mprotect resumed>) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5539 attached => {parent_tid=[5539]}, 88) = 5539 [pid 5539] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5539] <... rseq resumed>) = 0 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5539] set_robust_list(0x7f4380f719a0, 24 [pid 5538] <... memfd_create resumed>) = 3 [pid 5537] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... set_robust_list resumed>) = 0 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] <... futex resumed>) = 0 [pid 5539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5539] <... open resumed>) = 4 [pid 5539] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5539] <... futex resumed>) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5539] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] <... futex resumed>) = 0 [pid 5539] fallocate(4, 0, 35143, 7 [pid 5537] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... write resumed>) = 262144 [pid 5538] munmap(0x7f4378b51000, 262144) = 0 [pid 5539] <... fallocate resumed>) = 0 [pid 5539] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5539] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] <... futex resumed>) = 0 [pid 5539] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5537] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... mount resumed>) = 0 [pid 5539] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... futex resumed>) = 1 [pid 5539] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5539] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5539] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5537] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5539] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5539] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5538] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5538] close(3) = 0 [pid 5538] mkdir("./file1", 0777) = 0 [ 60.697768][ T5538] loop0: detected capacity change from 0 to 512 [ 60.719956][ T5538] EXT4-fs (loop0): 1 orphan inode deleted [ 60.725904][ T5538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5538] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5538] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5538] chdir("./file1") = 0 [pid 5538] ioctl(6, LOOP_CLR_FD) = 0 [pid 5538] close(6) = 0 [pid 5538] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] exit_group(0) = ? [pid 5538] <... futex resumed>) = ? [pid 5538] +++ exited with 0 +++ [pid 5539] <... futex resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5537, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/bus") = 0 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 [ 60.738746][ T5538] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/130/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5542] chdir("./131") = 0 [pid 5542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5542] setpgid(0, 0) = 0 [pid 5542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5542] write(3, "1000", 4 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5542 [pid 5542] <... write resumed>) = 4 [pid 5542] close(3) = 0 [pid 5542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5542] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5542] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5543 attached => {parent_tid=[5543]}, 88) = 5543 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], [pid 5543] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5543] <... rseq resumed>) = 0 [pid 5542] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] set_robust_list(0x7f4380f929a0, 24 [pid 5542] <... futex resumed>) = 0 [pid 5543] <... set_robust_list resumed>) = 0 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5542] <... futex resumed>) = 0 [pid 5543] memfd_create("syzkaller", 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5543] <... memfd_create resumed>) = 3 [pid 5542] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5542] <... mprotect resumed>) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5542] <... clone3 resumed> => {parent_tid=[5544]}, 88) = 5544 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5542] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5544 attached [pid 5543] <... write resumed>) = 262144 [pid 5544] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5543] munmap(0x7f4378b51000, 262144 [pid 5544] <... rseq resumed>) = 0 [pid 5544] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5544] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5543] <... munmap resumed>) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5544] <... open resumed>) = 4 [pid 5543] <... openat resumed>) = 5 [ 60.786505][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5543] ioctl(5, LOOP_SET_FD, 3 [pid 5544] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... ioctl resumed>) = 0 [pid 5543] close(3) = 0 [pid 5543] mkdir("./file1", 0777 [pid 5544] <... futex resumed>) = 1 [pid 5544] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5544] fallocate(4, 0, 35143, 7 [pid 5543] <... mkdir resumed>) = 0 [pid 5543] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5544] <... fallocate resumed>) = 0 [pid 5544] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5544] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] <... futex resumed>) = 0 [pid 5544] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5542] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... mount resumed>) = 0 [pid 5544] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5542] <... futex resumed>) = 0 [pid 5544] <... open resumed>) = 3 [pid 5542] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] <... futex resumed>) = 0 [pid 5542] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... write resumed>) = 262144 [pid 5544] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [ 60.830627][ T5543] loop0: detected capacity change from 0 to 512 [ 60.850603][ T5543] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 60.857136][ T5545] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 60.865895][ T5543] EXT4-fs (loop0): get root inode failed [pid 5543] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5543] ioctl(5, LOOP_CLR_FD) = 0 [pid 5543] close(5) = 0 [pid 5543] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] exit_group(0 [pid 5544] <... futex resumed>) = ? [pid 5544] +++ exited with 0 +++ [pid 5543] <... futex resumed>) = ? [pid 5543] +++ exited with 0 +++ [pid 5542] <... exit_group resumed>) = ? [pid 5542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5542, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/bus") = 0 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5547 attached , child_tidptr=0x555556e0f690) = 5547 [ 60.881149][ T5543] EXT4-fs (loop0): mount failed [pid 5547] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5547] chdir("./132") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5547] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5548]}, 88) = 5548 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5547] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5547] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5547] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5549] set_robust_list(0x7f4380f719a0, 24 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... set_robust_list resumed>) = 0 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5547] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... open resumed>) = 3 [pid 5549] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5549] <... futex resumed>) = 1 [pid 5547] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] fallocate(3, 0, 35143, 7 [pid 5547] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5548 attached [pid 5547] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5548] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5548] memfd_create("syzkaller", 0) = 4 [pid 5549] <... fallocate resumed>) = 0 [pid 5548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5549] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5548] <... mmap resumed>) = 0x7f4378b51000 [pid 5547] <... futex resumed>) = 0 [pid 5549] <... mount resumed>) = 0 [pid 5547] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5549] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5549] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5547] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5549] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5549] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5548] munmap(0x7f4378b51000, 262144) = 0 [pid 5548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5548] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5548] close(4) = 0 [pid 5548] mkdir("./file1", 0777) = 0 [ 60.948299][ T5548] loop0: detected capacity change from 0 to 512 [ 60.970067][ T5548] EXT4-fs (loop0): 1 orphan inode deleted [ 60.975976][ T5548] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5548] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5548] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5548] chdir("./file1") = 0 [pid 5548] ioctl(6, LOOP_CLR_FD) = 0 [pid 5548] close(6) = 0 [pid 5548] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] exit_group(0 [pid 5548] <... futex resumed>) = ? [pid 5547] <... exit_group resumed>) = ? [pid 5549] <... futex resumed>) = ? [pid 5548] +++ exited with 0 +++ [pid 5549] +++ exited with 0 +++ [pid 5547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5547, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/bus") = 0 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 [ 60.988787][ T5548] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/132/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5552 attached , child_tidptr=0x555556e0f690) = 5552 [pid 5552] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5552] chdir("./133") = 0 [pid 5552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5552] setpgid(0, 0) = 0 [pid 5552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5552] write(3, "1000", 4) = 4 [pid 5552] close(3) = 0 [pid 5552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5552] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5552] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5553 attached => {parent_tid=[5553]}, 88) = 5553 [pid 5553] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] set_robust_list(0x7f4380f929a0, 24 [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5553] <... set_robust_list resumed>) = 0 [pid 5552] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5552] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5554 attached => {parent_tid=[5554]}, 88) = 5554 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5552] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5553] memfd_create("syzkaller", 0 [ 61.023407][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5554] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] <... memfd_create resumed>) = 3 [pid 5554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5554] <... open resumed>) = 4 [pid 5553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5553] munmap(0x7f4378b51000, 262144) = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5553] ioctl(5, LOOP_SET_FD, 3 [pid 5554] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5554] fallocate(4, 0, 35143, 7 [pid 5552] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... ioctl resumed>) = 0 [pid 5553] close(3) = 0 [pid 5553] mkdir("./file1", 0777) = 0 [pid 5553] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5554] <... fallocate resumed>) = 0 [pid 5554] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5552] <... futex resumed>) = 0 [pid 5554] <... mount resumed>) = 0 [pid 5552] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5554] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5552] <... futex resumed>) = 0 [pid 5554] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5552] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... open resumed>) = 3 [pid 5554] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5552] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.071099][ T5553] loop0: detected capacity change from 0 to 512 [ 61.101523][ T5553] EXT4-fs (loop0): 1 orphan inode deleted [ 61.108342][ T5553] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5554] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5554] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5553] <... mount resumed>) = 0 [pid 5553] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5553] chdir("./file1") = 0 [pid 5553] ioctl(5, LOOP_CLR_FD) = 0 [pid 5553] close(5) = 0 [pid 5553] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] exit_group(0 [pid 5554] <... futex resumed>) = ? [pid 5552] <... exit_group resumed>) = ? [pid 5554] +++ exited with 0 +++ [pid 5553] <... futex resumed>) = ? [pid 5553] +++ exited with 0 +++ [pid 5552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5552, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/bus") = 0 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 [ 61.121944][ T5553] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/133/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.161684][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5557 attached , child_tidptr=0x555556e0f690) = 5557 [pid 5557] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5557] chdir("./134") = 0 [pid 5557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5557] setpgid(0, 0) = 0 [pid 5557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5557] write(3, "1000", 4) = 4 [pid 5557] close(3) = 0 [pid 5557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5557] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5557] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5558 attached [pid 5558] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5557] <... clone3 resumed> => {parent_tid=[5558]}, 88) = 5558 [pid 5558] <... rseq resumed>) = 0 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], [pid 5558] set_robust_list(0x7f4380f929a0, 24 [pid 5557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5558] <... set_robust_list resumed>) = 0 [pid 5557] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], [pid 5557] <... futex resumed>) = 0 [pid 5558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5557] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] memfd_create("syzkaller", 0 [pid 5557] <... futex resumed>) = 0 [pid 5557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5558] <... memfd_create resumed>) = 3 [pid 5557] <... mmap resumed>) = 0x7f4380f51000 [pid 5558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5557] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5558] <... mmap resumed>) = 0x7f4378b51000 [pid 5557] <... mprotect resumed>) = 0 [pid 5558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5559]}, 88) = 5559 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5557] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.171634][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 61.181276][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5557] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5559 attached [pid 5559] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5559] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5559] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5558] <... write resumed>) = 262144 [pid 5558] munmap(0x7f4378b51000, 262144) = 0 [pid 5558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5558] ioctl(5, LOOP_SET_FD, 3 [pid 5559] <... open resumed>) = 4 [pid 5559] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5557] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] fallocate(4, 0, 35143, 7 [pid 5558] <... ioctl resumed>) = 0 [pid 5558] close(3) = 0 [pid 5558] mkdir("./file1", 0777) = 0 [pid 5558] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5559] <... fallocate resumed>) = 0 [pid 5559] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5559] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5557] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... mount resumed>) = 0 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5557] <... futex resumed>) = 0 [pid 5559] <... open resumed>) = 3 [pid 5557] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5559] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5557] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5557] <... futex resumed>) = 0 [pid 5559] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5557] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... write resumed>) = 262144 [pid 5559] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5559] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5558] ioctl(5, LOOP_CLR_FD) = 0 [pid 5558] close(5) = 0 [pid 5558] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5557] exit_group(0 [pid 5558] <... futex resumed>) = ? [pid 5558] +++ exited with 0 +++ [pid 5559] <... futex resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5557] <... exit_group resumed>) = ? [pid 5557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5557, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/bus") = 0 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5560 ./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5560] chdir("./135") = 0 [pid 5560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5560] setpgid(0, 0) = 0 [pid 5560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5560] write(3, "1000", 4) = 4 [pid 5560] close(3) = 0 [pid 5560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5560] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5560] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5561 attached => {parent_tid=[5561]}, 88) = 5561 [pid 5561] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... rseq resumed>) = 0 [pid 5560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] set_robust_list(0x7f4380f929a0, 24 [pid 5560] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... set_robust_list resumed>) = 0 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5560] <... futex resumed>) = 0 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5560] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] memfd_create("syzkaller", 0 [pid 5560] <... futex resumed>) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5561] <... memfd_create resumed>) = 3 [pid 5560] <... mmap resumed>) = 0x7f4380f51000 [pid 5561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5560] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5562]}, 88) = 5562 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5560] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5562 attached [pid 5561] <... write resumed>) = 262144 [pid 5562] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5561] munmap(0x7f4378b51000, 262144 [pid 5562] <... rseq resumed>) = 0 [pid 5562] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5561] <... munmap resumed>) = 0 [ 61.230086][ T5558] loop0: detected capacity change from 0 to 512 [ 61.247711][ T5558] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5561] ioctl(4, LOOP_SET_FD, 3 [pid 5562] <... open resumed>) = 5 [pid 5562] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... ioctl resumed>) = 0 [pid 5561] close(3) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5562] fallocate(5, 0, 35143, 7 [pid 5561] mkdir("./file1", 0777) = 0 [pid 5561] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5562] <... fallocate resumed>) = 0 [pid 5562] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5562] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5560] <... futex resumed>) = 1 [pid 5560] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5562] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5562] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5560] <... futex resumed>) = 0 [pid 5562] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5560] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... open resumed>) = 3 [pid 5562] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5562] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5560] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... write resumed>) = 262144 [pid 5562] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5562] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5561] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5561] ioctl(4, LOOP_CLR_FD) = 0 [pid 5561] close(4) = 0 [pid 5561] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] exit_group(0 [pid 5562] <... futex resumed>) = ? [pid 5562] +++ exited with 0 +++ [pid 5561] <... futex resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5560] <... exit_group resumed>) = ? [pid 5560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5560, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/bus") = 0 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5563 attached , child_tidptr=0x555556e0f690) = 5563 [pid 5563] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5563] chdir("./136") = 0 [pid 5563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5563] setpgid(0, 0) = 0 [pid 5563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5563] write(3, "1000", 4) = 4 [pid 5563] close(3) = 0 [pid 5563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5563] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5563] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5564 attached [pid 5564] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5563] <... clone3 resumed> => {parent_tid=[5564]}, 88) = 5564 [pid 5564] set_robust_list(0x7f4380f929a0, 24 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], [pid 5564] <... set_robust_list resumed>) = 0 [pid 5563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] <... futex resumed>) = 0 [ 61.310122][ T5561] loop0: detected capacity change from 0 to 512 [ 61.330210][ T5561] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5563] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] memfd_create("syzkaller", 0 [pid 5563] <... futex resumed>) = 0 [pid 5564] <... memfd_create resumed>) = 3 [pid 5563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5563] <... mmap resumed>) = 0x7f4380f51000 [pid 5564] <... mmap resumed>) = 0x7f4378b51000 [pid 5563] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5563] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5565]}, 88) = 5565 [pid 5564] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5565 attached [pid 5564] munmap(0x7f4378b51000, 262144 [pid 5565] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5565] <... rseq resumed>) = 0 [pid 5564] <... munmap resumed>) = 0 [pid 5563] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] set_robust_list(0x7f4380f719a0, 24 [pid 5564] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5565] <... set_robust_list resumed>) = 0 [pid 5563] <... futex resumed>) = 0 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5564] <... openat resumed>) = 4 [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5564] ioctl(4, LOOP_SET_FD, 3 [pid 5565] <... open resumed>) = 5 [pid 5565] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5565] fallocate(5, 0, 35143, 7 [pid 5563] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... ioctl resumed>) = 0 [pid 5564] close(3) = 0 [pid 5564] mkdir("./file1", 0777) = 0 [pid 5564] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5565] <... fallocate resumed>) = 0 [pid 5565] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5565] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5565] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5563] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... mount resumed>) = 0 [pid 5565] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5565] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5563] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] <... open resumed>) = 3 [pid 5563] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5563] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5565] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = 0 [pid 5564] <... mount resumed>) = 0 [pid 5564] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5564] chdir("./file1") = 0 [pid 5564] ioctl(4, LOOP_CLR_FD) = 0 [pid 5564] close(4) = 0 [pid 5564] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] exit_group(0 [pid 5565] <... futex resumed>) = ? [pid 5563] <... exit_group resumed>) = ? [pid 5565] +++ exited with 0 +++ [pid 5564] <... futex resumed>) = ? [pid 5564] +++ exited with 0 +++ [pid 5563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5563, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/bus") = 0 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 61.402004][ T5564] loop0: detected capacity change from 0 to 512 [ 61.420037][ T5564] EXT4-fs (loop0): 1 orphan inode deleted [ 61.425738][ T5564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.438520][ T5564] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/136/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5568 ./strace-static-x86_64: Process 5568 attached [pid 5568] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5568] chdir("./137") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5568] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5569]}, 88) = 5569 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5569 attached NULL, 8) = 0 [pid 5569] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5568] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5569] <... rseq resumed>) = 0 [pid 5568] <... mmap resumed>) = 0x7f4380f51000 [pid 5569] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5568] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 ./strace-static-x86_64: Process 5570 attached [pid 5568] <... clone3 resumed> => {parent_tid=[5570]}, 88) = 5570 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5568] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5570] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5570] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 61.472873][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.482821][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 61.492760][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5570] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] fallocate(4, 0, 35143, 7 [pid 5569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5569] munmap(0x7f4378b51000, 262144) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5569] ioctl(5, LOOP_SET_FD, 3 [pid 5570] <... fallocate resumed>) = 0 [pid 5569] <... ioctl resumed>) = 0 [pid 5570] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] close(3) = 0 [pid 5569] mkdir("./file1", 0777 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5569] <... mkdir resumed>) = 0 [pid 5569] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5570] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5570] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... write resumed>) = 262144 [pid 5570] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5570] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5569] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5569] ioctl(5, LOOP_CLR_FD) = 0 [pid 5569] close(5) = 0 [pid 5569] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] exit_group(0 [pid 5570] <... futex resumed>) = ? [pid 5569] <... futex resumed>) = ? [pid 5568] <... exit_group resumed>) = ? [pid 5570] +++ exited with 0 +++ [pid 5569] +++ exited with 0 +++ [pid 5568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5568, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/bus") = 0 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5571 ./strace-static-x86_64: Process 5571 attached [pid 5571] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5571] chdir("./138") = 0 [pid 5571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5571] setpgid(0, 0) = 0 [pid 5571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5571] write(3, "1000", 4) = 4 [pid 5571] close(3) = 0 [pid 5571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5571] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5571] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5572 attached [pid 5572] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5572] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... clone3 resumed> => {parent_tid=[5572]}, 88) = 5572 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5571] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 1 [pid 5572] memfd_create("syzkaller", 0 [pid 5571] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... memfd_create resumed>) = 3 [pid 5571] <... futex resumed>) = 0 [pid 5572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5572] <... mmap resumed>) = 0x7f4378b72000 [pid 5571] <... mmap resumed>) = 0x7f4378b51000 [pid 5571] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5573 attached [pid 5572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5571] <... clone3 resumed> => {parent_tid=[5573]}, 88) = 5573 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5571] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] <... write resumed>) = 262144 [pid 5572] munmap(0x7f4378b72000, 262144 [pid 5573] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5573] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5572] <... munmap resumed>) = 0 [pid 5572] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5573] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... futex resumed>) = 1 [pid 5573] fallocate(4, 0, 35143, 7 [pid 5572] <... openat resumed>) = 5 [ 61.558373][ T5569] loop0: detected capacity change from 0 to 512 [ 61.572068][ T5569] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 61.582318][ T5569] EXT4-fs (loop0): group descriptors corrupted! [pid 5572] ioctl(5, LOOP_SET_FD, 3 [pid 5573] <... fallocate resumed>) = 0 [pid 5573] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5571] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5572] <... ioctl resumed>) = 0 [pid 5573] <... mount resumed>) = 0 [pid 5573] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] close(3 [pid 5573] <... futex resumed>) = 1 [pid 5572] <... close resumed>) = 0 [pid 5571] <... futex resumed>) = 0 [pid 5573] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] mkdir("./file1", 0777 [pid 5571] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5573] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5571] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... open resumed>) = 3 [pid 5573] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... mkdir resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5573] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5573] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5571] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5573] <... write resumed>) = 262144 [pid 5573] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5573] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5572] ioctl(5, LOOP_CLR_FD) = 0 [pid 5572] close(5) = 0 [pid 5572] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] exit_group(0 [pid 5573] <... futex resumed>) = ? [pid 5573] +++ exited with 0 +++ [pid 5571] <... exit_group resumed>) = ? [pid 5572] <... futex resumed>) = ? [pid 5572] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5571, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/bus") = 0 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5574 ./strace-static-x86_64: Process 5574 attached [pid 5574] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5574] chdir("./139") = 0 [pid 5574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 61.637774][ T5572] loop0: detected capacity change from 0 to 512 [ 61.656221][ T5572] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5574] setpgid(0, 0) = 0 [pid 5574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5574] write(3, "1000", 4) = 4 [pid 5574] close(3) = 0 [pid 5574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5574] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5574] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5575]}, 88) = 5575 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5574] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 ./strace-static-x86_64: Process 5575 attached [pid 5574] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5575] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5574] <... mprotect resumed>) = 0 [pid 5575] set_robust_list(0x7f4380f929a0, 24 [pid 5574] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5575] <... set_robust_list resumed>) = 0 [pid 5574] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5576 attached [pid 5575] memfd_create("syzkaller", 0 [pid 5574] <... clone3 resumed> => {parent_tid=[5576]}, 88) = 5576 [pid 5575] <... memfd_create resumed>) = 3 [pid 5575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5576] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5575] <... mmap resumed>) = 0x7f4378b51000 [pid 5576] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5574] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5574] <... futex resumed>) = 1 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5575] <... write resumed>) = 262144 [pid 5576] <... open resumed>) = 4 [pid 5575] munmap(0x7f4378b51000, 262144 [pid 5576] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] fallocate(4, 0, 35143, 7 [pid 5575] <... munmap resumed>) = 0 [pid 5575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5575] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5575] close(3) = 0 [pid 5575] mkdir("./file1", 0777) = 0 [pid 5575] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5576] <... fallocate resumed>) = 0 [pid 5576] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5574] <... futex resumed>) = 1 [pid 5576] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5576] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] <... futex resumed>) = 0 [pid 5576] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5574] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... write resumed>) = 262144 [pid 5576] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5576] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5575] ioctl(5, LOOP_CLR_FD) = 0 [pid 5575] close(5) = 0 [pid 5575] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] exit_group(0 [pid 5576] <... futex resumed>) = ? [pid 5576] +++ exited with 0 +++ [pid 5574] <... exit_group resumed>) = ? [pid 5575] <... futex resumed>) = ? [pid 5575] +++ exited with 0 +++ [pid 5574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5574, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/bus") = 0 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5579 attached , child_tidptr=0x555556e0f690) = 5579 [pid 5579] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5579] chdir("./140") = 0 [pid 5579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5579] setpgid(0, 0) = 0 [pid 5579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5579] write(3, "1000", 4) = 4 [pid 5579] close(3) = 0 [pid 5579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5579] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5579] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5580]}, 88) = 5580 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5579] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5579] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5580 attached ) = 0 [pid 5579] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5580] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5579] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5581 attached [pid 5581] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5579] <... clone3 resumed> => {parent_tid=[5581]}, 88) = 5581 [pid 5581] <... rseq resumed>) = 0 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] set_robust_list(0x7f4380f719a0, 24 [pid 5579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] <... set_robust_list resumed>) = 0 [pid 5579] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5579] <... futex resumed>) = 0 [pid 5581] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... open resumed>) = 3 [pid 5580] <... rseq resumed>) = 0 [pid 5580] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5579] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5579] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] memfd_create("syzkaller", 0 [pid 5581] fallocate(3, 0, 35143, 7 [pid 5579] <... futex resumed>) = 0 [pid 5580] <... memfd_create resumed>) = 4 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5580] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5581] <... fallocate resumed>) = 0 [pid 5581] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5579] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5579] <... futex resumed>) = 0 [pid 5581] <... mount resumed>) = 0 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5581] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5579] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5581] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5581] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... write resumed>) = 262144 [pid 5580] munmap(0x7f4378b51000, 262144) = 0 [ 61.724316][ T5575] loop0: detected capacity change from 0 to 512 [ 61.739804][ T5575] EXT4-fs (loop0): failed to initialize system zone (-117) [ 61.750899][ T5575] EXT4-fs (loop0): mount failed [pid 5580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5580] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5580] close(4) = 0 [pid 5580] mkdir("./file1", 0777) = 0 [ 61.803694][ T5580] loop0: detected capacity change from 0 to 512 [ 61.838417][ T5580] EXT4-fs (loop0): 1 orphan inode deleted [pid 5580] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5580] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5580] chdir("./file1") = 0 [pid 5580] ioctl(6, LOOP_CLR_FD) = 0 [pid 5580] close(6) = 0 [pid 5580] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5579] exit_group(0 [pid 5581] <... futex resumed>) = ? [pid 5581] +++ exited with 0 +++ [pid 5580] <... futex resumed>) = ? [pid 5580] +++ exited with 0 +++ [pid 5579] <... exit_group resumed>) = ? [pid 5579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5579, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/bus") = 0 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 [ 61.844638][ T5580] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.857511][ T5580] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/140/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5585 attached , child_tidptr=0x555556e0f690) = 5585 [pid 5585] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5585] chdir("./141") = 0 [pid 5585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5585] setpgid(0, 0) = 0 [pid 5585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5585] write(3, "1000", 4) = 4 [pid 5585] close(3) = 0 [pid 5585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5585] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5585] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5586]}, 88) = 5586 ./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5585] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] <... rseq resumed>) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5585] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5586] set_robust_list(0x7f4380f929a0, 24 [pid 5585] <... mprotect resumed>) = 0 [pid 5585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5587 attached [pid 5586] <... set_robust_list resumed>) = 0 [pid 5587] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5585] <... clone3 resumed> => {parent_tid=[5587]}, 88) = 5587 [pid 5587] <... rseq resumed>) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5587] set_robust_list(0x7f4380f719a0, 24 [pid 5586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] <... set_robust_list resumed>) = 0 [pid 5585] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] <... futex resumed>) = 0 [pid 5587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5586] memfd_create("syzkaller", 0 [pid 5585] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5586] <... memfd_create resumed>) = 3 [ 61.894134][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5587] <... open resumed>) = 4 [pid 5586] <... mmap resumed>) = 0x7f4378b51000 [pid 5587] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5587] fallocate(4, 0, 35143, 7 [pid 5585] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5586] munmap(0x7f4378b51000, 262144) = 0 [pid 5586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5586] ioctl(5, LOOP_SET_FD, 3 [pid 5587] <... fallocate resumed>) = 0 [pid 5586] <... ioctl resumed>) = 0 [pid 5587] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] close(3 [pid 5587] <... futex resumed>) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5587] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... close resumed>) = 0 [pid 5585] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] mkdir("./file1", 0777 [pid 5585] <... futex resumed>) = 0 [pid 5587] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5585] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... mkdir resumed>) = 0 [pid 5587] <... mount resumed>) = 0 [pid 5586] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5587] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... open resumed>) = 3 [pid 5587] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5587] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5587] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... write resumed>) = 262144 [pid 5587] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [ 61.950235][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 61.950246][ T28] audit: type=1800 audit(1694162030.089:143): pid=5587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 61.957098][ T5586] loop0: detected capacity change from 0 to 512 [pid 5587] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5586] ioctl(5, LOOP_CLR_FD) = 0 [pid 5586] close(5) = 0 [pid 5586] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] exit_group(0) = ? [pid 5586] +++ exited with 0 +++ [pid 5587] <... futex resumed>) = ? [pid 5587] +++ exited with 0 +++ [pid 5585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5585, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/bus") = 0 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.997036][ T5586] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5588] chdir("./142") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5588] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5589 attached [pid 5589] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5588] <... clone3 resumed> => {parent_tid=[5589]}, 88) = 5589 [pid 5589] <... rseq resumed>) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], [pid 5589] set_robust_list(0x7f4380f929a0, 24 [pid 5588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5589] <... set_robust_list resumed>) = 0 [pid 5588] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] rt_sigprocmask(SIG_SETMASK, [], [pid 5588] <... futex resumed>) = 0 [pid 5589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] memfd_create("syzkaller", 0 [pid 5588] <... futex resumed>) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5589] <... memfd_create resumed>) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5588] <... mmap resumed>) = 0x7f4380f51000 [pid 5589] <... mmap resumed>) = 0x7f4378b51000 [pid 5588] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5590 attached [pid 5590] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5588] <... clone3 resumed> => {parent_tid=[5590]}, 88) = 5590 [pid 5590] <... rseq resumed>) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5590] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... open resumed>) = 4 [pid 5590] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] <... write resumed>) = 262144 [pid 5589] munmap(0x7f4378b51000, 262144 [pid 5588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5589] <... munmap resumed>) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5588] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5590] fallocate(4, 0, 35143, 7 [pid 5589] <... openat resumed>) = 5 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] ioctl(5, LOOP_SET_FD, 3 [pid 5590] <... fallocate resumed>) = 0 [pid 5590] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... futex resumed>) = 0 [pid 5589] <... ioctl resumed>) = 0 [pid 5589] close(3) = 0 [pid 5589] mkdir("./file1", 0777) = 0 [pid 5589] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5588] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5590] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5588] <... futex resumed>) = 1 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... open resumed>) = 3 [pid 5590] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5590] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... write resumed>) = 262144 [pid 5590] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 62.085807][ T28] audit: type=1800 audit(1694162030.219:144): pid=5590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.088858][ T5589] loop0: detected capacity change from 0 to 512 [ 62.124501][ T5589] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [pid 5590] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... futex resumed>) = 0 [pid 5589] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5589] ioctl(5, LOOP_CLR_FD) = 0 [pid 5589] close(5) = 0 [pid 5589] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] exit_group(0) = ? [pid 5589] <... futex resumed>) = ? [pid 5589] +++ exited with 0 +++ [pid 5590] <... futex resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/bus") = 0 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 [ 62.135033][ T5589] EXT4-fs (loop0): group descriptors corrupted! mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5591 attached , child_tidptr=0x555556e0f690) = 5591 [pid 5591] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5591] chdir("./143") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5591] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5591] <... clone3 resumed> => {parent_tid=[5592]}, 88) = 5592 [pid 5592] <... rseq resumed>) = 0 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] set_robust_list(0x7f4380f929a0, 24 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] <... set_robust_list resumed>) = 0 [pid 5591] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5591] <... futex resumed>) = 0 [pid 5592] memfd_create("syzkaller", 0 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5592] <... memfd_create resumed>) = 3 [pid 5591] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5591] <... mprotect resumed>) = 0 [pid 5592] <... mmap resumed>) = 0x7f4378b51000 [pid 5592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5593]}, 88) = 5593 ./strace-static-x86_64: Process 5593 attached [pid 5593] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] <... rseq resumed>) = 0 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5592] <... write resumed>) = 262144 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5593] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5592] munmap(0x7f4378b51000, 262144) = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5592] ioctl(5, LOOP_SET_FD, 3 [pid 5593] <... open resumed>) = 4 [pid 5592] <... ioctl resumed>) = 0 [pid 5592] close(3) = 0 [pid 5592] mkdir("./file1", 0777 [pid 5593] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5593] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... futex resumed>) = 0 [pid 5593] fallocate(4, 0, 35143, 7 [pid 5592] <... mkdir resumed>) = 0 [pid 5592] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5593] <... fallocate resumed>) = 0 [pid 5593] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... futex resumed>) = 1 [pid 5593] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5593] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... futex resumed>) = 1 [pid 5593] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5593] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = 1 [pid 5591] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5591] <... futex resumed>) = 0 [ 62.202027][ T28] audit: type=1800 audit(1694162030.339:145): pid=5593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.202620][ T5592] loop0: detected capacity change from 0 to 512 [pid 5591] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... write resumed>) = 262144 [pid 5593] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5593] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5592] ioctl(5, LOOP_CLR_FD) = 0 [pid 5592] close(5) = 0 [pid 5592] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] exit_group(0) = ? [pid 5592] <... futex resumed>) = ? [pid 5592] +++ exited with 0 +++ [pid 5593] <... futex resumed>) = ? [pid 5593] +++ exited with 0 +++ [pid 5591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5591, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/bus") = 0 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached , child_tidptr=0x555556e0f690) = 5596 [pid 5596] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5596] chdir("./144") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5596] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5597 attached => {parent_tid=[5597]}, 88) = 5597 [pid 5597] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5597] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5596] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] memfd_create("syzkaller", 0 [pid 5596] <... futex resumed>) = 0 [pid 5597] <... memfd_create resumed>) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5596] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... mmap resumed>) = 0x7f4378b72000 [pid 5596] <... futex resumed>) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [ 62.242591][ T5592] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 62.259604][ T5592] EXT4-fs (loop0): mount failed [pid 5596] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5598 attached => {parent_tid=[5598]}, 88) = 5598 [pid 5598] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5598] <... rseq resumed>) = 0 [pid 5598] set_robust_list(0x7f4378b719a0, 24 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5598] <... set_robust_list resumed>) = 0 [pid 5596] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] <... futex resumed>) = 0 [pid 5598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5598] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5596] <... futex resumed>) = 0 [pid 5598] <... futex resumed>) = 1 [pid 5596] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] fallocate(4, 0, 35143, 7 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... write resumed>) = 262144 [pid 5597] munmap(0x7f4378b72000, 262144) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5597] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] mkdir("./file1", 0777) = 0 [pid 5597] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5598] <... fallocate resumed>) = 0 [pid 5598] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5598] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] <... futex resumed>) = 0 [pid 5598] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5596] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... mount resumed>) = 0 [pid 5598] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5596] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... open resumed>) = 3 [pid 5598] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.318875][ T28] audit: type=1800 audit(1694162030.449:146): pid=5598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.330034][ T5597] loop0: detected capacity change from 0 to 512 [pid 5598] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5596] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... write resumed>) = 262144 [pid 5598] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... mount resumed>) = 0 [pid 5597] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5597] chdir("./file1") = 0 [pid 5597] ioctl(5, LOOP_CLR_FD) = 0 [pid 5597] close(5) = 0 [pid 5597] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] exit_group(0 [pid 5598] <... futex resumed>) = ? [pid 5596] <... exit_group resumed>) = ? [pid 5597] <... futex resumed>) = ? [pid 5598] +++ exited with 0 +++ [pid 5597] +++ exited with 0 +++ [pid 5596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/bus") = 0 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 [ 62.368464][ T5597] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.380682][ T5597] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/144/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5601 attached , child_tidptr=0x555556e0f690) = 5601 [pid 5601] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5601] chdir("./145") = 0 [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5601] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5601] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5602]}, 88) = 5602 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5601] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5601] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5603]}, 88) = 5603 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5601] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5603 attached [pid 5603] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5603] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5603] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 5602 attached [ 62.414597][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ) = 3 [pid 5602] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5602] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5602] memfd_create("syzkaller", 0) = 4 [pid 5602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5602] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5602] munmap(0x7f4378b51000, 262144) = 0 [pid 5602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5602] ioctl(5, LOOP_SET_FD, 4 [pid 5603] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... ioctl resumed>) = 0 [pid 5603] fallocate(3, 0, 35143, 7 [pid 5601] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] close(4 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... close resumed>) = 0 [pid 5601] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] mkdir("./file1", 0777) = 0 [pid 5602] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5603] <... fallocate resumed>) = 0 [pid 5603] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5603] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5603] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5601] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5603] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5603] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5601] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... open resumed>) = 4 [pid 5603] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5603] <... futex resumed>) = 1 [pid 5601] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5601] <... futex resumed>) = 0 [ 62.462464][ T28] audit: type=1800 audit(1694162030.599:147): pid=5603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.470506][ T5602] loop0: detected capacity change from 0 to 512 [pid 5601] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... write resumed>) = 262144 [pid 5603] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] <... futex resumed>) = 0 [pid 5602] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5602] ioctl(5, LOOP_CLR_FD) = 0 [pid 5602] close(5) = 0 [pid 5602] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] exit_group(0 [pid 5603] <... futex resumed>) = ? [pid 5601] <... exit_group resumed>) = ? [pid 5603] +++ exited with 0 +++ [pid 5602] <... futex resumed>) = ? [pid 5602] +++ exited with 0 +++ [pid 5601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5601, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/bus") = 0 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5606 attached , child_tidptr=0x555556e0f690) = 5606 [pid 5606] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5606] chdir("./146") = 0 [pid 5606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 62.503253][ T5602] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor369: iget: special inode unallocated [ 62.516984][ T5602] EXT4-fs (loop0): get root inode failed [ 62.522816][ T5602] EXT4-fs (loop0): mount failed [pid 5606] setpgid(0, 0) = 0 [pid 5606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5606] write(3, "1000", 4) = 4 [pid 5606] close(3) = 0 [pid 5606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5606] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5606] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5607 attached => {parent_tid=[5607]}, 88) = 5607 [pid 5607] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5607] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5607] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] memfd_create("syzkaller", 0) = 3 [pid 5607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5606] <... futex resumed>) = 1 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5606] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5608 attached [pid 5608] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5606] <... clone3 resumed> => {parent_tid=[5608]}, 88) = 5608 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... rseq resumed>) = 0 [pid 5608] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5607] <... write resumed>) = 262144 [pid 5607] munmap(0x7f4378b72000, 262144 [pid 5608] <... open resumed>) = 4 [pid 5607] <... munmap resumed>) = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5607] ioctl(5, LOOP_SET_FD, 3 [pid 5608] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5608] fallocate(4, 0, 35143, 7 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... ioctl resumed>) = 0 [pid 5607] close(3) = 0 [pid 5607] mkdir("./file1", 0777) = 0 [pid 5607] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5608] <... fallocate resumed>) = 0 [pid 5608] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [pid 5608] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5608] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [pid 5608] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5608] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [ 62.601032][ T28] audit: type=1800 audit(1694162030.739:148): pid=5608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.601696][ T5607] loop0: detected capacity change from 0 to 512 [ 62.637925][ T5609] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5608] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5608] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5608] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5607] ioctl(5, LOOP_CLR_FD) = 0 [pid 5607] close(5) = 0 [pid 5607] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] exit_group(0 [pid 5608] <... futex resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5606] <... exit_group resumed>) = ? [pid 5607] <... futex resumed>) = ? [pid 5607] +++ exited with 0 +++ [pid 5606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5606, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/bus") = 0 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5611 ./strace-static-x86_64: Process 5611 attached [pid 5611] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5611] chdir("./147") = 0 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 62.641790][ T5607] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 62.663172][ T5607] EXT4-fs (loop0): get root inode failed [ 62.668938][ T5607] EXT4-fs (loop0): mount failed [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5611] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5612 attached [pid 5612] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5611] <... clone3 resumed> => {parent_tid=[5612]}, 88) = 5612 [pid 5612] <... rseq resumed>) = 0 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] set_robust_list(0x7f4380f929a0, 24 [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5612] <... set_robust_list resumed>) = 0 [pid 5611] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] <... futex resumed>) = 0 [pid 5612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5611] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5613 attached [pid 5613] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5611] <... clone3 resumed> => {parent_tid=[5613]}, 88) = 5613 [pid 5613] set_robust_list(0x7f4380f719a0, 24 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] <... set_robust_list resumed>) = 0 [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] <... futex resumed>) = 0 [pid 5613] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5611] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] memfd_create("syzkaller", 0 [pid 5613] <... open resumed>) = 3 [pid 5612] <... memfd_create resumed>) = 4 [pid 5612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5612] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5612] munmap(0x7f4378b51000, 262144) = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5612] ioctl(5, LOOP_SET_FD, 4 [pid 5613] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... ioctl resumed>) = 0 [pid 5612] close(4) = 0 [pid 5612] mkdir("./file1", 0777 [pid 5613] <... futex resumed>) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5613] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] fallocate(3, 0, 35143, 7 [pid 5612] <... mkdir resumed>) = 0 [pid 5612] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5613] <... fallocate resumed>) = 0 [pid 5613] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5613] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5611] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5613] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5611] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 5613] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5613] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 62.721856][ T28] audit: type=1800 audit(1694162030.859:149): pid=5613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.731715][ T5612] loop0: detected capacity change from 0 to 512 [ 62.760235][ T5612] EXT4-fs (loop0): 1 orphan inode deleted [pid 5613] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5613] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = 0 [pid 5612] <... mount resumed>) = 0 [pid 5612] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5612] chdir("./file1") = 0 [pid 5612] ioctl(5, LOOP_CLR_FD) = 0 [pid 5612] close(5) = 0 [pid 5612] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] exit_group(0 [pid 5613] <... futex resumed>) = ? [pid 5611] <... exit_group resumed>) = ? [pid 5613] +++ exited with 0 +++ [pid 5612] <... futex resumed>) = ? [pid 5612] +++ exited with 0 +++ [pid 5611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5611, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/bus") = 0 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 [ 62.765934][ T5612] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.779400][ T5612] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/147/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5616 ./strace-static-x86_64: Process 5616 attached [pid 5616] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5616] chdir("./148") = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5616] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5617 attached => {parent_tid=[5617]}, 88) = 5617 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5616] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5617] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5617] set_robust_list(0x7f4380f929a0, 24 [pid 5616] <... mmap resumed>) = 0x7f4380f51000 [pid 5617] <... set_robust_list resumed>) = 0 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5616] <... mprotect resumed>) = 0 [pid 5616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5617] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5618 attached [pid 5618] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5616] <... clone3 resumed> => {parent_tid=[5618]}, 88) = 5618 [pid 5617] <... memfd_create resumed>) = 3 [pid 5618] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5616] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5617] <... mmap resumed>) = 0x7f4378b51000 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... open resumed>) = 4 [pid 5618] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5618] <... futex resumed>) = 1 [pid 5616] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] fallocate(4, 0, 35143, 7 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.817233][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.827605][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 62.837965][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5617] munmap(0x7f4378b51000, 262144) = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5617] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5617] close(3) = 0 [pid 5617] mkdir("./file1", 0777) = 0 [pid 5617] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5618] <... fallocate resumed>) = 0 [pid 5618] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5618] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5616] <... futex resumed>) = 0 [pid 5618] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5616] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5616] <... futex resumed>) = 1 [pid 5618] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5616] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... open resumed>) = 3 [pid 5618] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5618] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5616] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... write resumed>) = 262144 [pid 5618] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = 0 [pid 5617] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5617] ioctl(5, LOOP_CLR_FD) = 0 [pid 5617] close(5) = 0 [pid 5617] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] exit_group(0 [pid 5618] <... futex resumed>) = ? [pid 5618] +++ exited with 0 +++ [pid 5617] <... futex resumed>) = ? [pid 5616] <... exit_group resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5616, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/bus") = 0 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 62.890062][ T28] audit: type=1800 audit(1694162031.029:150): pid=5618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.894684][ T5617] loop0: detected capacity change from 0 to 512 [ 62.928045][ T5617] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5619 ./strace-static-x86_64: Process 5619 attached [pid 5619] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5619] chdir("./149") = 0 [pid 5619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5619] setpgid(0, 0) = 0 [pid 5619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5619] write(3, "1000", 4) = 4 [pid 5619] close(3) = 0 [pid 5619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5619] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5619] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5620]}, 88) = 5620 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5619] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5619] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5620 attached => {parent_tid=[5621]}, 88) = 5621 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5619] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5621 attached [pid 5620] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5621] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5620] <... rseq resumed>) = 0 [pid 5621] <... rseq resumed>) = 0 [pid 5620] set_robust_list(0x7f4380f929a0, 24 [pid 5621] set_robust_list(0x7f4380f719a0, 24 [pid 5620] <... set_robust_list resumed>) = 0 [pid 5621] <... set_robust_list resumed>) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5620] memfd_create("syzkaller", 0) = 4 [pid 5620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5620] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5621] <... open resumed>) = 3 [pid 5621] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 1 [pid 5621] fallocate(3, 0, 35143, 7 [pid 5620] <... write resumed>) = 262144 [pid 5620] munmap(0x7f4378b51000, 262144) = 0 [pid 5620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5620] ioctl(5, LOOP_SET_FD, 4 [pid 5621] <... fallocate resumed>) = 0 [pid 5620] <... ioctl resumed>) = 0 [pid 5621] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] close(4 [pid 5619] <... futex resumed>) = 0 [pid 5621] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... close resumed>) = 0 [pid 5619] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] mkdir("./file1", 0777 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5621] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5619] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5619] <... futex resumed>) = 0 [pid 5621] <... open resumed>) = 4 [pid 5620] <... mkdir resumed>) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 1 [pid 5620] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5621] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5621] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5621] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5620] ioctl(5, LOOP_CLR_FD) = 0 [pid 5620] close(5) = 0 [pid 5620] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] exit_group(0 [pid 5621] <... futex resumed>) = ? [pid 5621] +++ exited with 0 +++ [pid 5620] <... futex resumed>) = ? [pid 5619] <... exit_group resumed>) = ? [pid 5620] +++ exited with 0 +++ [pid 5619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5619, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/bus") = 0 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5622 attached [ 62.985616][ T28] audit: type=1800 audit(1694162031.119:151): pid=5621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.992770][ T5620] loop0: detected capacity change from 0 to 512 [ 63.022344][ T5620] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5622] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5622 [pid 5622] <... set_robust_list resumed>) = 0 [pid 5622] chdir("./150") = 0 [pid 5622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5622] setpgid(0, 0) = 0 [pid 5622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5622] write(3, "1000", 4) = 4 [pid 5622] close(3) = 0 [pid 5622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5622] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5622] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5623 attached [pid 5623] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5622] <... clone3 resumed> => {parent_tid=[5623]}, 88) = 5623 [pid 5623] <... rseq resumed>) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] set_robust_list(0x7f4380f929a0, 24 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] <... set_robust_list resumed>) = 0 [pid 5622] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] <... futex resumed>) = 0 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] memfd_create("syzkaller", 0 [pid 5622] <... futex resumed>) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5623] <... memfd_create resumed>) = 3 [pid 5622] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5622] <... mprotect resumed>) = 0 [pid 5623] <... mmap resumed>) = 0x7f4378b51000 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5624 attached [pid 5624] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5622] <... clone3 resumed> => {parent_tid=[5624]}, 88) = 5624 [pid 5624] <... rseq resumed>) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] set_robust_list(0x7f4380f719a0, 24 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5624] <... set_robust_list resumed>) = 0 [pid 5622] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] <... futex resumed>) = 0 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5623] <... write resumed>) = 262144 [pid 5624] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] munmap(0x7f4378b51000, 262144 [pid 5622] <... futex resumed>) = 0 [pid 5624] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] <... munmap resumed>) = 0 [pid 5622] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] <... futex resumed>) = 0 [pid 5624] fallocate(4, 0, 35143, 7 [pid 5622] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5623] ioctl(5, LOOP_SET_FD, 3 [pid 5624] <... fallocate resumed>) = 0 [pid 5624] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5624] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5624] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5624] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5624] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5623] <... ioctl resumed>) = 0 [pid 5622] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] close(3) = 0 [ 63.083349][ T28] audit: type=1800 audit(1694162031.219:152): pid=5624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 63.086210][ T5623] loop0: detected capacity change from 0 to 512 [ 63.116345][ T5624] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5623] mkdir("./file1", 0777) = 0 [pid 5623] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5624] <... write resumed>) = -1 EIO (Input/output error) [pid 5624] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5624] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5623] ioctl(5, LOOP_CLR_FD) = 0 [pid 5623] close(5) = 0 [pid 5623] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] exit_group(0) = ? [pid 5624] <... futex resumed>) = ? [pid 5623] <... futex resumed>) = ? [pid 5624] +++ exited with 0 +++ [pid 5623] +++ exited with 0 +++ [pid 5622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5622, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/bus") = 0 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5625 ./strace-static-x86_64: Process 5625 attached [pid 5625] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5625] chdir("./151") = 0 [pid 5625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5625] setpgid(0, 0) = 0 [pid 5625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5625] write(3, "1000", 4) = 4 [pid 5625] close(3) = 0 [pid 5625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5625] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5625] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5626 attached [pid 5626] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5625] <... clone3 resumed> => {parent_tid=[5626]}, 88) = 5626 [pid 5626] <... rseq resumed>) = 0 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] set_robust_list(0x7f4380f929a0, 24 [pid 5625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5626] <... set_robust_list resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] <... futex resumed>) = 0 [pid 5626] memfd_create("syzkaller", 0 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... memfd_create resumed>) = 3 [pid 5625] <... futex resumed>) = 0 [pid 5626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5626] <... mmap resumed>) = 0x7f4378b72000 [pid 5625] <... mmap resumed>) = 0x7f4378b51000 [pid 5625] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE [pid 5626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5625] <... mprotect resumed>) = 0 [pid 5625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5625] <... clone3 resumed> => {parent_tid=[5627]}, 88) = 5627 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5625] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... rseq resumed>) = 0 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5627] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5627] fallocate(4, 0, 35143, 7 [pid 5626] <... write resumed>) = 262144 [pid 5626] munmap(0x7f4378b72000, 262144 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... munmap resumed>) = 0 [pid 5626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 63.126129][ T5624] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 63.140406][ T5623] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5626] ioctl(5, LOOP_SET_FD, 3 [pid 5627] <... fallocate resumed>) = 0 [pid 5627] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... ioctl resumed>) = 0 [pid 5625] <... futex resumed>) = 0 [pid 5626] close(3 [pid 5625] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5626] <... close resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5627] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5626] mkdir("./file1", 0777 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... mount resumed>) = 0 [pid 5627] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5627] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5627] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] <... futex resumed>) = 0 [pid 5625] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5625] <... futex resumed>) = 0 [pid 5626] <... mkdir resumed>) = 0 [pid 5625] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5627] <... write resumed>) = 262144 [pid 5627] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5627] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5626] ioctl(5, LOOP_CLR_FD) = 0 [pid 5626] close(5) = 0 [pid 5626] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] exit_group(0) = ? [pid 5626] <... futex resumed>) = ? [pid 5627] <... futex resumed>) = ? [pid 5626] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ [pid 5625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5625, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/bus") = 0 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5628 attached [pid 5628] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5628 [pid 5628] <... set_robust_list resumed>) = 0 [ 63.193614][ T5626] loop0: detected capacity change from 0 to 512 [ 63.210327][ T5626] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5628] chdir("./152") = 0 [pid 5628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5628] setpgid(0, 0) = 0 [pid 5628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5628] write(3, "1000", 4) = 4 [pid 5628] close(3) = 0 [pid 5628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5628] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5628] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5629 attached => {parent_tid=[5629]}, 88) = 5629 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5628] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5629] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5629] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] <... mmap resumed>) = 0x7f4380f51000 [pid 5628] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5630 attached [pid 5630] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5629] memfd_create("syzkaller", 0 [pid 5630] <... rseq resumed>) = 0 [pid 5628] <... clone3 resumed> => {parent_tid=[5630]}, 88) = 5630 [pid 5630] set_robust_list(0x7f4380f719a0, 24 [pid 5629] <... memfd_create resumed>) = 3 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5630] <... set_robust_list resumed>) = 0 [pid 5629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5630] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] <... mmap resumed>) = 0x7f4378b51000 [pid 5628] <... futex resumed>) = 0 [pid 5630] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5628] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... open resumed>) = 4 [pid 5630] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5628] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] fallocate(4, 0, 35143, 7 [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5629] munmap(0x7f4378b51000, 262144) = 0 [pid 5629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5629] ioctl(5, LOOP_SET_FD, 3 [pid 5630] <... fallocate resumed>) = 0 [pid 5629] <... ioctl resumed>) = 0 [pid 5630] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] close(3 [pid 5630] <... futex resumed>) = 1 [pid 5629] <... close resumed>) = 0 [pid 5628] <... futex resumed>) = 0 [pid 5630] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] mkdir("./file1", 0777 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5629] <... mkdir resumed>) = 0 [pid 5628] <... futex resumed>) = 0 [pid 5630] <... mount resumed>) = 0 [pid 5629] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5628] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] <... futex resumed>) = 0 [pid 5630] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5628] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... open resumed>) = 3 [pid 5630] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5630] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... write resumed>) = 262144 [pid 5630] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [ 63.274650][ T5629] loop0: detected capacity change from 0 to 512 [ 63.289317][ T5631] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 63.289827][ T5629] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 63.314439][ T5629] EXT4-fs (loop0): get root inode failed [ 63.320194][ T5629] EXT4-fs (loop0): mount failed [pid 5630] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5629] ioctl(5, LOOP_CLR_FD) = 0 [pid 5629] close(5) = 0 [pid 5629] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] exit_group(0 [pid 5630] <... futex resumed>) = ? [pid 5630] +++ exited with 0 +++ [pid 5629] <... futex resumed>) = ? [pid 5629] +++ exited with 0 +++ [pid 5628] <... exit_group resumed>) = ? [pid 5628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5628, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/bus") = 0 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5633 attached , child_tidptr=0x555556e0f690) = 5633 [pid 5633] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5633] chdir("./153") = 0 [pid 5633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5633] setpgid(0, 0) = 0 [pid 5633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5633] write(3, "1000", 4) = 4 [pid 5633] close(3) = 0 [pid 5633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5633] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5633] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5634 attached => {parent_tid=[5634]}, 88) = 5634 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5633] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5633] <... futex resumed>) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5634] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5633] <... mmap resumed>) = 0x7f4380f51000 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5633] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5634] memfd_create("syzkaller", 0 [pid 5633] <... mprotect resumed>) = 0 [pid 5633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] <... memfd_create resumed>) = 3 [pid 5634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5634] <... mmap resumed>) = 0x7f4378b51000 [pid 5633] <... clone3 resumed> => {parent_tid=[5635]}, 88) = 5635 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5633] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5635 attached ) = 262144 [pid 5634] munmap(0x7f4378b51000, 262144 [pid 5635] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5634] <... munmap resumed>) = 0 [pid 5635] set_robust_list(0x7f4380f719a0, 24 [pid 5634] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5635] <... set_robust_list resumed>) = 0 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5635] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5634] <... openat resumed>) = 4 [pid 5634] ioctl(4, LOOP_SET_FD, 3 [pid 5635] <... open resumed>) = 5 [pid 5635] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... ioctl resumed>) = 0 [pid 5633] <... futex resumed>) = 0 [pid 5635] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] close(3 [pid 5633] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... close resumed>) = 0 [pid 5633] <... futex resumed>) = 0 [pid 5634] mkdir("./file1", 0777 [pid 5633] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... mkdir resumed>) = 0 [pid 5635] fallocate(5, 0, 35143, 7 [pid 5634] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5635] <... fallocate resumed>) = 0 [pid 5635] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] <... futex resumed>) = 0 [pid 5635] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5633] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... mount resumed>) = 0 [pid 5635] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5635] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5633] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... open resumed>) = 3 [pid 5635] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] <... futex resumed>) = 0 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... write resumed>) = 262144 [pid 5635] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5635] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5634] ioctl(4, LOOP_CLR_FD) = 0 [pid 5634] close(4) = 0 [pid 5634] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] exit_group(0 [pid 5635] <... futex resumed>) = ? [pid 5634] <... futex resumed>) = ? [pid 5635] +++ exited with 0 +++ [pid 5634] +++ exited with 0 +++ [pid 5633] <... exit_group resumed>) = ? [pid 5633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5633, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/bus") = 0 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5636 ./strace-static-x86_64: Process 5636 attached [pid 5636] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5636] chdir("./154") = 0 [pid 5636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5636] setpgid(0, 0) = 0 [pid 5636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5636] write(3, "1000", 4) = 4 [pid 5636] close(3) = 0 [pid 5636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5636] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5636] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5637 attached [pid 5637] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5636] <... clone3 resumed> => {parent_tid=[5637]}, 88) = 5637 [pid 5637] <... rseq resumed>) = 0 [pid 5636] rt_sigprocmask(SIG_SETMASK, [], [pid 5637] set_robust_list(0x7f4380f929a0, 24 [pid 5636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5637] <... set_robust_list resumed>) = 0 [pid 5636] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], [pid 5636] <... futex resumed>) = 0 [pid 5637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] memfd_create("syzkaller", 0 [pid 5636] <... futex resumed>) = 0 [pid 5636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5637] <... memfd_create resumed>) = 3 [pid 5637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5636] <... mmap resumed>) = 0x7f4380f51000 [pid 5636] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5637] <... mmap resumed>) = 0x7f4378b51000 [pid 5636] <... mprotect resumed>) = 0 [pid 5637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5638 attached [pid 5638] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5638] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5636] <... clone3 resumed> => {parent_tid=[5638]}, 88) = 5638 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5636] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5636] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5638] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... open resumed>) = 4 [pid 5638] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5638] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 63.376878][ T5634] loop0: detected capacity change from 0 to 512 [ 63.397347][ T5634] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... write resumed>) = 262144 [pid 5637] munmap(0x7f4378b51000, 262144 [pid 5638] <... futex resumed>) = 0 [pid 5638] fallocate(4, 0, 35143, 7 [pid 5637] <... munmap resumed>) = 0 [pid 5637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5637] ioctl(5, LOOP_SET_FD, 3 [pid 5638] <... fallocate resumed>) = 0 [pid 5638] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] <... ioctl resumed>) = 0 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] close(3 [pid 5638] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5637] <... close resumed>) = 0 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] mkdir("./file1", 0777 [pid 5638] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5638] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... mkdir resumed>) = 0 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... futex resumed>) = 1 [pid 5638] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5638] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... futex resumed>) = 1 [pid 5638] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5638] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] <... futex resumed>) = 0 [pid 5637] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5637] ioctl(5, LOOP_CLR_FD) = 0 [pid 5637] close(5) = 0 [pid 5637] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] exit_group(0 [pid 5638] <... futex resumed>) = ? [pid 5637] <... futex resumed>) = ? [pid 5636] <... exit_group resumed>) = ? [pid 5638] +++ exited with 0 +++ [pid 5637] +++ exited with 0 +++ [pid 5636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5636, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/bus") = 0 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5639 ./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5639] chdir("./155") = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5639] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5639] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5640 attached => {parent_tid=[5640]}, 88) = 5640 [pid 5640] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5640] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5640] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5639] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5640] memfd_create("syzkaller", 0) = 3 [pid 5640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5639] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.460815][ T5637] loop0: detected capacity change from 0 to 512 [ 63.471009][ T5637] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 63.481603][ T5637] EXT4-fs (loop0): group descriptors corrupted! [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5639] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 5640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5641 attached [pid 5639] <... clone3 resumed> => {parent_tid=[5641]}, 88) = 5641 [pid 5641] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] <... rseq resumed>) = 0 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5641] set_robust_list(0x7f4378b719a0, 24 [pid 5639] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... set_robust_list resumed>) = 0 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5641] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5640] <... write resumed>) = 262144 [pid 5641] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] munmap(0x7f4378b72000, 262144 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... munmap resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5639] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] fallocate(4, 0, 35143, 7 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5640] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5640] close(3) = 0 [pid 5640] mkdir("./file1", 0777 [pid 5641] <... fallocate resumed>) = 0 [pid 5641] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... mkdir resumed>) = 0 [pid 5641] <... futex resumed>) = 1 [pid 5640] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5639] <... futex resumed>) = 0 [pid 5641] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5641] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5641] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5639] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5641] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5641] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5639] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... write resumed>) = 262144 [pid 5641] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5641] <... futex resumed>) = 1 [pid 5641] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5640] ioctl(5, LOOP_CLR_FD) = 0 [pid 5640] close(5) = 0 [pid 5640] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] exit_group(0 [pid 5641] <... futex resumed>) = ? [pid 5641] +++ exited with 0 +++ [pid 5640] <... futex resumed>) = ? [pid 5639] <... exit_group resumed>) = ? [pid 5640] +++ exited with 0 +++ [pid 5639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5639, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/bus") = 0 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5643 ./strace-static-x86_64: Process 5643 attached [pid 5643] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5643] chdir("./156") = 0 [pid 5643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5643] setpgid(0, 0) = 0 [pid 5643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5643] write(3, "1000", 4) = 4 [pid 5643] close(3) = 0 [pid 5643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5643] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5643] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5644 attached [pid 5644] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5643] <... clone3 resumed> => {parent_tid=[5644]}, 88) = 5644 [pid 5644] set_robust_list(0x7f4380f929a0, 24 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] <... set_robust_list resumed>) = 0 [pid 5643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] <... futex resumed>) = 0 [pid 5644] memfd_create("syzkaller", 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5644] <... memfd_create resumed>) = 3 [pid 5643] <... mmap resumed>) = 0x7f4380f51000 [pid 5644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5643] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5645]}, 88) = 5645 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5643] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5645] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5644] <... write resumed>) = 262144 [pid 5644] munmap(0x7f4378b51000, 262144 [pid 5645] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5644] <... munmap resumed>) = 0 [pid 5644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5645] <... open resumed>) = 4 [ 63.548969][ T5640] loop0: detected capacity change from 0 to 512 [ 63.561979][ T5640] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 63.575733][ T5640] EXT4-fs (loop0): get root inode failed [ 63.581607][ T5640] EXT4-fs (loop0): mount failed [pid 5644] ioctl(5, LOOP_SET_FD, 3 [pid 5645] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... ioctl resumed>) = 0 [pid 5644] close(3) = 0 [pid 5644] mkdir("./file1", 0777 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] fallocate(4, 0, 35143, 7 [pid 5644] <... mkdir resumed>) = 0 [pid 5644] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5645] <... fallocate resumed>) = 0 [pid 5645] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... mount resumed>) = 0 [pid 5645] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... open resumed>) = 3 [pid 5645] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = 0 [pid 5643] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 1 [pid 5645] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5645] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = 1 [pid 5645] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... mount resumed>) = 0 [pid 5644] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5644] chdir("./file1") = 0 [pid 5644] ioctl(5, LOOP_CLR_FD) = 0 [pid 5644] close(5) = 0 [pid 5644] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] exit_group(0) = ? [pid 5644] <... futex resumed>) = ? [pid 5645] <... futex resumed>) = ? [pid 5645] +++ exited with 0 +++ [pid 5644] +++ exited with 0 +++ [pid 5643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5643, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/bus") = 0 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 63.625092][ T5644] loop0: detected capacity change from 0 to 512 [ 63.641661][ T5644] EXT4-fs (loop0): 1 orphan inode deleted [ 63.647808][ T5644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.660672][ T5644] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/156/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5648 attached , child_tidptr=0x555556e0f690) = 5648 [pid 5648] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5648] chdir("./157") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5648] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5648] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5649]}, 88) = 5649 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5648] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5648] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5650 attached ./strace-static-x86_64: Process 5649 attached [pid 5650] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5649] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5648] <... clone3 resumed> => {parent_tid=[5650]}, 88) = 5650 [pid 5650] <... rseq resumed>) = 0 [pid 5649] <... rseq resumed>) = 0 [pid 5650] set_robust_list(0x7f4380f719a0, 24 [pid 5649] set_robust_list(0x7f4380f929a0, 24 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], [pid 5650] <... set_robust_list resumed>) = 0 [pid 5649] <... set_robust_list resumed>) = 0 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5649] rt_sigprocmask(SIG_SETMASK, [], [pid 5648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5648] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5649] memfd_create("syzkaller", 0 [pid 5648] <... futex resumed>) = 0 [pid 5650] <... open resumed>) = 3 [pid 5649] <... memfd_create resumed>) = 4 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5648] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] fallocate(3, 0, 35143, 7 [pid 5649] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5649] munmap(0x7f4378b51000, 262144) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 63.686000][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.696001][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 63.705805][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5649] ioctl(5, LOOP_SET_FD, 4 [pid 5650] <... fallocate resumed>) = 0 [pid 5649] <... ioctl resumed>) = 0 [pid 5650] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5650] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5650] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] close(4 [pid 5650] <... futex resumed>) = 1 [pid 5649] <... close resumed>) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5650] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] mkdir("./file1", 0777 [pid 5648] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5649] <... mkdir resumed>) = 0 [pid 5650] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5649] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5648] <... futex resumed>) = 0 [pid 5650] <... open resumed>) = 4 [pid 5650] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5648] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5648] <... futex resumed>) = 1 [pid 5648] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... write resumed>) = 262144 [pid 5650] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5650] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5649] ioctl(5, LOOP_CLR_FD) = 0 [pid 5649] close(5) = 0 [pid 5649] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] exit_group(0) = ? [pid 5650] <... futex resumed>) = ? [pid 5650] +++ exited with 0 +++ [pid 5649] <... futex resumed>) = ? [pid 5649] +++ exited with 0 +++ [pid 5648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5648, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/bus") = 0 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5651 ./strace-static-x86_64: Process 5651 attached [pid 5651] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5651] chdir("./158") = 0 [pid 5651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5651] setpgid(0, 0) = 0 [pid 5651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5651] write(3, "1000", 4) = 4 [pid 5651] close(3) = 0 [pid 5651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5651] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5651] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5652]}, 88) = 5652 ./strace-static-x86_64: Process 5652 attached [pid 5651] rt_sigprocmask(SIG_SETMASK, [], [pid 5652] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5652] <... rseq resumed>) = 0 [pid 5651] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5651] <... futex resumed>) = 0 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5651] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] <... mprotect resumed>) = 0 [pid 5651] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5652] memfd_create("syzkaller", 0 [pid 5651] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5653 attached [pid 5653] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5651] <... clone3 resumed> => {parent_tid=[5653]}, 88) = 5653 [pid 5653] <... rseq resumed>) = 0 [pid 5651] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] set_robust_list(0x7f4380f719a0, 24 [pid 5652] <... memfd_create resumed>) = 3 [pid 5651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5651] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] <... futex resumed>) = 0 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5653] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] <... futex resumed>) = 0 [pid 5652] <... mmap resumed>) = 0x7f4378b51000 [pid 5651] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5653] fallocate(4, 0, 35143, 7 [pid 5651] <... futex resumed>) = 1 [pid 5651] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5652] munmap(0x7f4378b51000, 262144 [pid 5653] <... fallocate resumed>) = 0 [ 63.760249][ T5649] loop0: detected capacity change from 0 to 512 [ 63.777242][ T5649] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5653] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5652] <... munmap resumed>) = 0 [pid 5652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5652] ioctl(5, LOOP_SET_FD, 3 [pid 5653] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5651] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... mount resumed>) = 0 [pid 5651] <... futex resumed>) = 0 [pid 5653] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... futex resumed>) = 0 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5653] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5651] <... futex resumed>) = 0 [pid 5653] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5651] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... open resumed>) = 6 [pid 5653] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5653] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5651] <... futex resumed>) = 0 [pid 5653] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5651] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] <... ioctl resumed>) = 0 [pid 5652] close(3) = 0 [pid 5652] mkdir("./file1", 0777) = 0 [pid 5652] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5653] <... write resumed>) = 262144 [pid 5653] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5653] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5652] ioctl(5, LOOP_CLR_FD) = 0 [pid 5652] close(5) = 0 [pid 5652] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5652] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] exit_group(0) = ? [pid 5652] <... futex resumed>) = ? [pid 5653] <... futex resumed>) = ? [pid 5652] +++ exited with 0 +++ [pid 5653] +++ exited with 0 +++ [pid 5651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5651, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/bus") = 0 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5654 ./strace-static-x86_64: Process 5654 attached [pid 5654] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5654] chdir("./159") = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5654] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5654] <... clone3 resumed> => {parent_tid=[5655]}, 88) = 5655 [pid 5655] <... rseq resumed>) = 0 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5654] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 63.843113][ T5652] loop0: detected capacity change from 0 to 512 [ 63.866100][ T5652] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5654] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] memfd_create("syzkaller", 0 [pid 5654] <... futex resumed>) = 0 [pid 5655] <... memfd_create resumed>) = 3 [pid 5655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] <... mmap resumed>) = 0x7f4378b72000 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5654] <... mmap resumed>) = 0x7f4378b51000 [pid 5654] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5655] <... write resumed>) = 262144 [pid 5655] munmap(0x7f4378b72000, 262144) = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5655] ioctl(4, LOOP_SET_FD, 3 [pid 5654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 5655] <... ioctl resumed>) = 0 [pid 5655] close(3) = 0 [pid 5655] mkdir("./file1", 0777) = 0 [pid 5655] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue"./strace-static-x86_64: Process 5656 attached [pid 5654] <... clone3 resumed> => {parent_tid=[5656]}, 88) = 5656 [pid 5656] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5656] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5656] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5654] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5654] <... futex resumed>) = 1 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5656] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5656] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5656] fallocate(3, 0, 35143, 7) = 0 [pid 5656] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5654] <... futex resumed>) = 1 [pid 5656] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 1 [pid 5656] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... open resumed>) = 5 [pid 5656] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 0 [pid 5656] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5656] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5655] <... mount resumed>) = 0 [pid 5655] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5655] chdir("./file1") = 0 [pid 5655] ioctl(4, LOOP_CLR_FD) = 0 [pid 5655] close(4) = 0 [pid 5655] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] exit_group(0 [pid 5656] <... futex resumed>) = ? [pid 5655] <... futex resumed>) = ? [pid 5654] <... exit_group resumed>) = ? [pid 5656] +++ exited with 0 +++ [pid 5655] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5654, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/bus") = 0 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 [ 63.930506][ T5655] loop0: detected capacity change from 0 to 512 [ 63.954237][ T5655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.967244][ T5655] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/159/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5660 ./strace-static-x86_64: Process 5660 attached [pid 5660] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5660] chdir("./160") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5660] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5660] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 [pid 5661] <... rseq resumed>) = 0 [pid 5661] set_robust_list(0x7f4380f929a0, 24 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] <... set_robust_list resumed>) = 0 [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], [pid 5660] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5661] memfd_create("syzkaller", 0 [pid 5660] <... mmap resumed>) = 0x7f4380f51000 [pid 5661] <... memfd_create resumed>) = 3 [pid 5660] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5660] <... mprotect resumed>) = 0 [pid 5661] <... mmap resumed>) = 0x7f4378b51000 [pid 5661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5660] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5661] <... write resumed>) = 262144 [pid 5661] munmap(0x7f4378b51000, 262144 [pid 5660] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5661] <... munmap resumed>) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.001420][ T5033] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5661] ioctl(4, LOOP_SET_FD, 3 [pid 5660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5661] <... ioctl resumed>) = 0 [pid 5661] close(3) = 0 ./strace-static-x86_64: Process 5662 attached [pid 5662] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5662] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5661] mkdir("./file1", 0777 [pid 5660] <... clone3 resumed> => {parent_tid=[5662]}, 88) = 5662 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5660] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5662] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5660] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... mkdir resumed>) = 0 [pid 5661] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5662] <... open resumed>) = 3 [pid 5662] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5660] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] fallocate(3, 0, 35143, 7 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5662] <... fallocate resumed>) = 0 [pid 5662] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5662] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5660] <... futex resumed>) = 0 [pid 5662] <... mount resumed>) = 0 [pid 5660] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5662] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] <... futex resumed>) = 0 [pid 5662] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5660] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5662] <... open resumed>) = 5 [pid 5661] <... mount resumed>) = 0 [pid 5661] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5661] chdir("./file1") = 0 [pid 5661] ioctl(4, LOOP_CLR_FD) = 0 [pid 5661] close(4) = 0 [pid 5661] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5662] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] <... futex resumed>) = 0 [pid 5660] futex(0x7f438105e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5661] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5660] exit_group(0 [pid 5661] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... exit_group resumed>) = ? [pid 5662] <... futex resumed>) = ? [pid 5661] <... futex resumed>) = ? [pid 5662] +++ exited with 0 +++ [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/bus") = 0 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 [ 64.060934][ T5661] loop0: detected capacity change from 0 to 512 [ 64.079918][ T5661] EXT4-fs (loop0): 1 orphan inode deleted [ 64.085679][ T5661] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/160/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5665 ./strace-static-x86_64: Process 5665 attached [pid 5665] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5665] chdir("./161") = 0 [pid 5665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5665] setpgid(0, 0) = 0 [pid 5665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5665] write(3, "1000", 4) = 4 [pid 5665] close(3) = 0 [pid 5665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5665] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5665] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5666]}, 88) = 5666 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5665] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5666 attached ) = 0 [pid 5666] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5666] <... rseq resumed>) = 0 [pid 5666] set_robust_list(0x7f4380f929a0, 24 [pid 5665] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5666] <... set_robust_list resumed>) = 0 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5666] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5667 attached [pid 5667] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5665] <... clone3 resumed> => {parent_tid=[5667]}, 88) = 5667 [pid 5667] <... rseq resumed>) = 0 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5665] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5665] <... futex resumed>) = 0 [pid 5667] <... open resumed>) = 3 [pid 5666] memfd_create("syzkaller", 0 [pid 5665] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... memfd_create resumed>) = 4 [pid 5666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5665] <... futex resumed>) = 0 [pid 5665] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... futex resumed>) = 1 [pid 5666] <... mmap resumed>) = 0x7f4378b51000 [pid 5667] fallocate(3, 0, 35143, 7 [pid 5666] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5667] <... fallocate resumed>) = 0 [pid 5667] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] <... futex resumed>) = 0 [pid 5665] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5667] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5666] <... write resumed>) = 262144 [pid 5667] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5667] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [ 64.139469][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 64.149301][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5665] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] munmap(0x7f4378b51000, 262144 [pid 5667] <... futex resumed>) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5667] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] <... munmap resumed>) = 0 [pid 5665] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] <... futex resumed>) = 0 [pid 5667] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5665] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5667] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5667] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5666] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5666] close(4) = 0 [pid 5666] mkdir("./file1", 0777) = 0 [pid 5666] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5666] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5666] chdir("./file1") = 0 [pid 5666] ioctl(6, LOOP_CLR_FD) = 0 [pid 5666] close(6) = 0 [pid 5666] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] exit_group(0) = ? [pid 5667] <... futex resumed>) = ? [pid 5667] +++ exited with 0 +++ [pid 5666] <... futex resumed>) = ? [pid 5666] +++ exited with 0 +++ [pid 5665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5665, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/bus") = 0 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 64.201978][ T5666] loop0: detected capacity change from 0 to 512 [ 64.219993][ T5666] EXT4-fs (loop0): 1 orphan inode deleted [ 64.225974][ T5666] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/161/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5670 attached , child_tidptr=0x555556e0f690) = 5670 [pid 5670] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5670] chdir("./162") = 0 [pid 5670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5670] setpgid(0, 0) = 0 [pid 5670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5670] write(3, "1000", 4) = 4 [pid 5670] close(3) = 0 [pid 5670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5670] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5670] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5671 attached [pid 5671] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5670] <... clone3 resumed> => {parent_tid=[5671]}, 88) = 5671 [pid 5671] <... rseq resumed>) = 0 [pid 5670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5670] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5671] set_robust_list(0x7f4380f929a0, 24 [pid 5670] <... mmap resumed>) = 0x7f4380f51000 [pid 5671] <... set_robust_list resumed>) = 0 [pid 5670] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5671] rt_sigprocmask(SIG_SETMASK, [], [pid 5670] <... mprotect resumed>) = 0 [pid 5670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5671] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5672 attached [pid 5670] <... clone3 resumed> => {parent_tid=[5672]}, 88) = 5672 [pid 5672] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5670] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] <... rseq resumed>) = 0 [pid 5671] memfd_create("syzkaller", 0 [pid 5672] set_robust_list(0x7f4380f719a0, 24 [pid 5670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] <... set_robust_list resumed>) = 0 [pid 5670] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], [pid 5671] <... memfd_create resumed>) = 3 [pid 5670] <... futex resumed>) = 0 [pid 5672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5672] <... open resumed>) = 4 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... mmap resumed>) = 0x7f4378b51000 [pid 5672] <... futex resumed>) = 0 [pid 5670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] fallocate(4, 0, 35143, 7 [pid 5671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5671] munmap(0x7f4378b51000, 262144) = 0 [pid 5671] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5672] <... fallocate resumed>) = 0 [pid 5672] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... openat resumed>) = 5 [pid 5672] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... futex resumed>) = 0 [pid 5670] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5670] <... futex resumed>) = 1 [pid 5672] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5671] ioctl(5, LOOP_SET_FD, 3 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... mount resumed>) = 0 [pid 5672] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... ioctl resumed>) = 0 [pid 5671] close(3) = 0 [pid 5671] mkdir("./file1", 0777) = 0 [pid 5671] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5672] <... futex resumed>) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5670] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5670] <... futex resumed>) = 0 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... open resumed>) = 3 [pid 5672] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5670] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5670] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5672] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... futex resumed>) = 0 [pid 5671] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5671] ioctl(5, LOOP_CLR_FD) = 0 [pid 5671] close(5) = 0 [pid 5671] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5671] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] exit_group(0) = ? [pid 5672] <... futex resumed>) = ? [pid 5671] <... futex resumed>) = ? [pid 5672] +++ exited with 0 +++ [pid 5671] +++ exited with 0 +++ [pid 5670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5670, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/bus") = 0 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5675 [ 64.324377][ T5671] loop0: detected capacity change from 0 to 512 [ 64.337610][ T5673] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 64.341279][ T5671] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 64.362933][ T5671] EXT4-fs (loop0): get root inode failed [ 64.368893][ T5671] EXT4-fs (loop0): mount failed ./strace-static-x86_64: Process 5675 attached [pid 5675] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5675] chdir("./163") = 0 [pid 5675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5675] setpgid(0, 0) = 0 [pid 5675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5675] write(3, "1000", 4) = 4 [pid 5675] close(3) = 0 [pid 5675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5675] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5675] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5676 attached [pid 5676] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5675] <... clone3 resumed> => {parent_tid=[5676]}, 88) = 5676 [pid 5676] <... rseq resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] set_robust_list(0x7f4380f929a0, 24 [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] <... set_robust_list resumed>) = 0 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5675] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] memfd_create("syzkaller", 0 [pid 5675] <... futex resumed>) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5676] <... memfd_create resumed>) = 3 [pid 5675] <... mmap resumed>) = 0x7f4380f51000 [pid 5676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5675] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5676] <... mmap resumed>) = 0x7f4378b51000 [pid 5675] <... mprotect resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5677 attached => {parent_tid=[5677]}, 88) = 5677 [pid 5677] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... rseq resumed>) = 0 [pid 5677] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5677] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5675] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5677] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5675] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5677] <... open resumed>) = 4 [pid 5677] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5677] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] fallocate(4, 0, 35143, 7 [pid 5676] <... write resumed>) = 262144 [pid 5676] munmap(0x7f4378b51000, 262144) = 0 [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5676] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5676] close(3 [pid 5677] <... fallocate resumed>) = 0 [pid 5676] <... close resumed>) = 0 [pid 5677] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] mkdir("./file1", 0777 [pid 5677] <... futex resumed>) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... mkdir resumed>) = 0 [pid 5677] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5676] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5677] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5677] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5677] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5677] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] <... futex resumed>) = 0 [pid 5676] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5676] ioctl(5, LOOP_CLR_FD) = 0 [pid 5676] close(5) = 0 [pid 5676] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] exit_group(0) = ? [pid 5677] <... futex resumed>) = ? [pid 5677] +++ exited with 0 +++ [pid 5676] <... futex resumed>) = ? [pid 5676] +++ exited with 0 +++ [pid 5675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5675, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/bus") = 0 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5679 attached [pid 5679] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5679] chdir("./164") = 0 [pid 5679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5679] setpgid(0, 0) = 0 [pid 5679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5679 [pid 5679] write(3, "1000", 4) = 4 [pid 5679] close(3) = 0 [pid 5679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5679] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5679] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5680]}, 88) = 5680 [pid 5679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5679] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 ./strace-static-x86_64: Process 5680 attached [pid 5680] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5679] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5680] <... rseq resumed>) = 0 [pid 5679] <... mprotect resumed>) = 0 [pid 5680] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] memfd_create("syzkaller", 0 [pid 5679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5680] <... memfd_create resumed>) = 3 [pid 5680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5679] <... clone3 resumed> => {parent_tid=[5681]}, 88) = 5681 ./strace-static-x86_64: Process 5681 attached [pid 5680] <... mmap resumed>) = 0x7f4378b51000 [pid 5679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 64.430360][ T5676] loop0: detected capacity change from 0 to 512 [ 64.445779][ T5676] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 64.459631][ T5676] EXT4-fs (loop0): get root inode failed [ 64.465264][ T5676] EXT4-fs (loop0): mount failed [pid 5679] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5681] <... rseq resumed>) = 0 [pid 5681] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5681] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5681] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... write resumed>) = 262144 [pid 5681] <... futex resumed>) = 1 [pid 5679] <... futex resumed>) = 0 [pid 5681] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] munmap(0x7f4378b51000, 262144 [pid 5679] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = 0 [pid 5679] <... futex resumed>) = 1 [pid 5681] fallocate(4, 0, 35143, 7 [pid 5679] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5680] <... munmap resumed>) = 0 [pid 5680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5680] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5680] close(3) = 0 [pid 5681] <... fallocate resumed>) = 0 [pid 5680] mkdir("./file1", 0777 [pid 5681] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... mkdir resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5680] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5681] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] <... futex resumed>) = 0 [pid 5679] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5679] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5681] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5679] <... futex resumed>) = 0 [pid 5681] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = 0 [pid 5679] <... futex resumed>) = 1 [pid 5681] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5679] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... open resumed>) = 3 [pid 5681] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5679] <... futex resumed>) = 0 [pid 5681] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = 0 [pid 5679] <... futex resumed>) = 1 [pid 5681] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5679] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... write resumed>) = 262144 [pid 5681] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5679] <... futex resumed>) = 0 [pid 5681] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5680] ioctl(5, LOOP_CLR_FD) = 0 [pid 5680] close(5) = 0 [pid 5680] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] exit_group(0 [pid 5681] <... futex resumed>) = ? [pid 5680] <... futex resumed>) = ? [pid 5679] <... exit_group resumed>) = ? [pid 5680] +++ exited with 0 +++ [pid 5681] +++ exited with 0 +++ [pid 5679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5679, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/bus") = 0 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached , child_tidptr=0x555556e0f690) = 5682 [pid 5682] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5682] chdir("./165") = 0 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5682] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5682] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5683 attached [pid 5683] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5682] <... clone3 resumed> => {parent_tid=[5683]}, 88) = 5683 [pid 5683] <... rseq resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] set_robust_list(0x7f4380f929a0, 24 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] <... set_robust_list resumed>) = 0 [pid 5682] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... futex resumed>) = 0 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 64.522334][ T5680] loop0: detected capacity change from 0 to 512 [ 64.543127][ T5680] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] memfd_create("syzkaller", 0 [pid 5682] <... futex resumed>) = 0 [pid 5683] <... memfd_create resumed>) = 3 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5682] <... mmap resumed>) = 0x7f4380f51000 [pid 5682] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5683] <... mmap resumed>) = 0x7f4378b51000 [pid 5682] <... mprotect resumed>) = 0 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5684 attached [pid 5684] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5684] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5684] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... clone3 resumed> => {parent_tid=[5684]}, 88) = 5684 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5682] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = 0 [pid 5682] <... futex resumed>) = 1 [pid 5684] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5684] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5684] fallocate(4, 0, 35143, 7 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... write resumed>) = 262144 [pid 5683] munmap(0x7f4378b51000, 262144) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5684] <... fallocate resumed>) = 0 [pid 5684] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5683] <... openat resumed>) = 5 [pid 5682] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] ioctl(5, LOOP_SET_FD, 3 [pid 5682] <... futex resumed>) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5684] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5683] <... ioctl resumed>) = 0 [pid 5682] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] close(3 [pid 5682] <... futex resumed>) = 1 [pid 5683] <... close resumed>) = 0 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] mkdir("./file1", 0777 [pid 5684] <... futex resumed>) = 0 [pid 5683] <... mkdir resumed>) = 0 [pid 5684] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5683] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5684] <... open resumed>) = 3 [pid 5684] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5684] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5683] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5683] ioctl(5, LOOP_CLR_FD) = 0 [pid 5683] close(5) = 0 [pid 5683] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] exit_group(0 [pid 5684] <... futex resumed>) = ? [pid 5682] <... exit_group resumed>) = ? [pid 5684] +++ exited with 0 +++ [pid 5683] <... futex resumed>) = ? [pid 5683] +++ exited with 0 +++ [pid 5682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5682, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/bus") = 0 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5685 ./strace-static-x86_64: Process 5685 attached [pid 5685] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5685] chdir("./166") = 0 [pid 5685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5685] setpgid(0, 0) = 0 [pid 5685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5685] write(3, "1000", 4) = 4 [pid 5685] close(3) = 0 [pid 5685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5685] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5685] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5686]}, 88) = 5686 ./strace-static-x86_64: Process 5686 attached [pid 5686] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] set_robust_list(0x7f4380f929a0, 24 [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5686] <... set_robust_list resumed>) = 0 [pid 5685] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5685] <... futex resumed>) = 0 [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] memfd_create("syzkaller", 0 [pid 5685] <... futex resumed>) = 0 [pid 5686] <... memfd_create resumed>) = 3 [pid 5686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5685] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5687 attached => {parent_tid=[5687]}, 88) = 5687 [ 64.613968][ T5683] loop0: detected capacity change from 0 to 512 [ 64.623876][ T5683] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5687] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5687] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5687] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... write resumed>) = 262144 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] munmap(0x7f4378b72000, 262144 [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5685] <... futex resumed>) = 1 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... open resumed>) = 4 [pid 5687] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... munmap resumed>) = 0 [pid 5686] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5687] <... futex resumed>) = 1 [pid 5685] <... futex resumed>) = 0 [pid 5685] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] fallocate(4, 0, 35143, 7 [pid 5686] <... openat resumed>) = 5 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5686] ioctl(5, LOOP_SET_FD, 3 [pid 5687] <... fallocate resumed>) = 0 [pid 5686] <... ioctl resumed>) = 0 [pid 5687] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] close(3) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5686] mkdir("./file1", 0777) = 0 [pid 5685] <... futex resumed>) = 0 [pid 5686] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5685] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5685] <... futex resumed>) = 0 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5685] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... futex resumed>) = 0 [pid 5687] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5687] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] <... futex resumed>) = 0 [pid 5687] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5685] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5685] <... futex resumed>) = 0 [pid 5685] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... write resumed>) = 262144 [pid 5687] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5687] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5686] ioctl(5, LOOP_CLR_FD) = 0 [pid 5686] close(5) = 0 [pid 5686] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5685] exit_group(0) = ? [pid 5686] <... futex resumed>) = ? [pid 5687] <... futex resumed>) = ? [pid 5686] +++ exited with 0 +++ [pid 5687] +++ exited with 0 +++ [pid 5685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5685, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/bus") = 0 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5688 ./strace-static-x86_64: Process 5688 attached [pid 5688] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5688] chdir("./167") = 0 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5688] write(3, "1000", 4) = 4 [pid 5688] close(3) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5688] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5688] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5689]}, 88) = 5689 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5688] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5688] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5689 attached ) = 0 [pid 5688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5690 attached [pid 5689] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5688] <... clone3 resumed> => {parent_tid=[5690]}, 88) = 5690 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5688] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5689] <... rseq resumed>) = 0 [pid 5690] <... rseq resumed>) = 0 [pid 5689] set_robust_list(0x7f4380f929a0, 24 [pid 5690] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5689] <... set_robust_list resumed>) = 0 [pid 5690] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5689] memfd_create("syzkaller", 0) = 4 [pid 5690] <... open resumed>) = 3 [pid 5689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5690] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... mmap resumed>) = 0x7f4378b51000 [pid 5690] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5690] fallocate(3, 0, 35143, 7 [pid 5689] <... write resumed>) = 262144 [pid 5689] munmap(0x7f4378b51000, 262144) = 0 [ 64.680061][ T5686] loop0: detected capacity change from 0 to 512 [ 64.697561][ T5686] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5689] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5690] <... fallocate resumed>) = 0 [pid 5690] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... openat resumed>) = 5 [pid 5690] <... futex resumed>) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5690] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] ioctl(5, LOOP_SET_FD, 4 [pid 5688] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5690] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5688] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... mount resumed>) = 0 [pid 5690] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5690] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] <... ioctl resumed>) = 0 [pid 5690] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5689] close(4 [pid 5690] <... open resumed>) = 6 [pid 5689] <... close resumed>) = 0 [pid 5690] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] mkdir("./file1", 0777 [pid 5690] <... futex resumed>) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5689] <... mkdir resumed>) = 0 [pid 5689] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5690] <... write resumed>) = 262144 [pid 5690] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5690] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5689] ioctl(5, LOOP_CLR_FD) = 0 [pid 5689] close(5) = 0 [pid 5689] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] exit_group(0 [pid 5690] <... futex resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5688] <... exit_group resumed>) = ? [pid 5689] <... futex resumed>) = ? [pid 5689] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5688, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/bus") = 0 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5691 attached , child_tidptr=0x555556e0f690) = 5691 [pid 5691] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5691] chdir("./168") = 0 [pid 5691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5691] setpgid(0, 0) = 0 [pid 5691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5691] write(3, "1000", 4) = 4 [pid 5691] close(3) = 0 [pid 5691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5691] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5691] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5692 attached [pid 5692] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5691] <... clone3 resumed> => {parent_tid=[5692]}, 88) = 5692 [pid 5692] set_robust_list(0x7f4380f929a0, 24 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] <... set_robust_list resumed>) = 0 [pid 5691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5691] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] memfd_create("syzkaller", 0 [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5692] <... memfd_create resumed>) = 3 [pid 5691] <... mmap resumed>) = 0x7f4380f51000 [pid 5692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 64.772296][ T5689] loop0: detected capacity change from 0 to 512 [ 64.785639][ T5689] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5691] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5691] <... mprotect resumed>) = 0 [pid 5691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5693]}, 88) = 5693 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5691] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... write resumed>) = 262144 [pid 5692] munmap(0x7f4378b51000, 262144) = 0 [pid 5692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5692] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5693 attached [pid 5693] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5693] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5692] <... ioctl resumed>) = 0 [pid 5692] close(3) = 0 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] mkdir("./file1", 0777 [pid 5693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5693] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5692] <... mkdir resumed>) = 0 [pid 5692] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5693] <... open resumed>) = 3 [pid 5693] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] fallocate(3, 0, 35143, 7) = 0 [pid 5693] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5693] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = 1 [pid 5693] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5691] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... open resumed>) = 5 [pid 5693] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5693] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] <... futex resumed>) = 0 [pid 5693] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5691] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... write resumed>) = 262144 [pid 5693] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [ 64.822772][ T5692] loop0: detected capacity change from 0 to 512 [ 64.843893][ T5692] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor369: lblock 0 mapped to illegal pblock 9 (length 1) [pid 5692] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5692] ioctl(4, LOOP_CLR_FD) = 0 [pid 5692] close(4) = 0 [pid 5692] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] exit_group(0 [pid 5692] <... futex resumed>) = ? [pid 5693] <... futex resumed>) = ? [pid 5691] <... exit_group resumed>) = ? [pid 5692] +++ exited with 0 +++ [pid 5693] +++ exited with 0 +++ [pid 5691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5691, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/bus") = 0 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5697 attached [pid 5697] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5697] chdir("./169") = 0 [pid 5697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5697 [pid 5697] setpgid(0, 0) = 0 [pid 5697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5697] write(3, "1000", 4) = 4 [pid 5697] close(3) = 0 [pid 5697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5697] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5697] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5698]}, 88) = 5698 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5697] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5697] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5698 attached [pid 5698] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5697] <... clone3 resumed> => {parent_tid=[5699]}, 88) = 5699 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5697] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 5699 attached [pid 5698] set_robust_list(0x7f4380f929a0, 24 [pid 5697] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5699] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5699] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5698] <... set_robust_list resumed>) = 0 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5698] memfd_create("syzkaller", 0 [pid 5699] <... open resumed>) = 3 [pid 5699] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5699] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] <... futex resumed>) = 0 [pid 5699] fallocate(3, 0, 35143, 7 [pid 5697] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... memfd_create resumed>) = 4 [pid 5698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 64.858942][ T5692] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 64.874685][ T5692] EXT4-fs (loop0): mount failed [pid 5698] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5699] <... fallocate resumed>) = 0 [pid 5699] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5699] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] <... futex resumed>) = 0 [pid 5699] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5697] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... write resumed>) = 262144 [pid 5699] <... mount resumed>) = 0 [pid 5698] munmap(0x7f4378b51000, 262144 [pid 5699] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5698] <... munmap resumed>) = 0 [pid 5697] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5697] <... futex resumed>) = 0 [pid 5699] <... open resumed>) = 5 [pid 5697] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5697] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5697] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5699] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5699] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5698] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5698] close(4) = 0 [pid 5698] mkdir("./file1", 0777) = 0 [pid 5698] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5698] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5698] chdir("./file1") = 0 [pid 5698] ioctl(6, LOOP_CLR_FD) = 0 [pid 5698] close(6) = 0 [pid 5698] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] exit_group(0) = ? [pid 5698] <... futex resumed>) = ? [pid 5699] <... futex resumed>) = ? [pid 5698] +++ exited with 0 +++ [pid 5699] +++ exited with 0 +++ [pid 5697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5697, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/bus") = 0 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.940402][ T5698] loop0: detected capacity change from 0 to 512 [ 64.959996][ T5698] EXT4-fs (loop0): 1 orphan inode deleted [ 64.965735][ T5698] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/169/file1 supports timestamps until 2038-01-19 (0x7fffffff) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5702 ./strace-static-x86_64: Process 5702 attached [pid 5702] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5702] chdir("./170") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5702] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5703 attached [pid 5703] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5702] <... clone3 resumed> => {parent_tid=[5703]}, 88) = 5703 [pid 5703] <... rseq resumed>) = 0 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5703] set_robust_list(0x7f4380f929a0, 24 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] <... set_robust_list resumed>) = 0 [pid 5702] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] <... futex resumed>) = 0 [pid 5703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] memfd_create("syzkaller", 0 [pid 5702] <... futex resumed>) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5703] <... memfd_create resumed>) = 3 [pid 5702] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5702] <... mprotect resumed>) = 0 [pid 5703] <... mmap resumed>) = 0x7f4378b51000 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5704 attached [pid 5704] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5704] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5704] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... clone3 resumed> => {parent_tid=[5704]}, 88) = 5704 [pid 5703] <... write resumed>) = 262144 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5703] munmap(0x7f4378b51000, 262144 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5704] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... munmap resumed>) = 0 [pid 5704] <... open resumed>) = 4 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5704] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... openat resumed>) = 5 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... futex resumed>) = 1 [pid 5704] fallocate(4, 0, 35143, 7 [pid 5703] ioctl(5, LOOP_SET_FD, 3 [pid 5704] <... fallocate resumed>) = 0 [pid 5704] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... ioctl resumed>) = 0 [pid 5703] close(3) = 0 [pid 5703] mkdir("./file1", 0777 [pid 5704] <... futex resumed>) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5703] <... mkdir resumed>) = 0 [pid 5703] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5704] <... mount resumed>) = 0 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... open resumed>) = 3 [pid 5704] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... write resumed>) = 262144 [pid 5704] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5704] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5703] ioctl(5, LOOP_CLR_FD) = 0 [pid 5703] close(5) = 0 [pid 5703] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] exit_group(0) = ? [pid 5703] <... futex resumed>) = ? [pid 5703] +++ exited with 0 +++ [pid 5704] <... futex resumed>) = ? [pid 5704] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/bus") = 0 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5705 ./strace-static-x86_64: Process 5705 attached [pid 5705] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5705] chdir("./171") = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5705] setpgid(0, 0) = 0 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5705] write(3, "1000", 4) = 4 [pid 5705] close(3) = 0 [pid 5705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5705] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5705] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5706]}, 88) = 5706 [ 65.056775][ T5703] loop0: detected capacity change from 0 to 512 [ 65.068497][ T5703] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 65.078363][ T5703] EXT4-fs (loop0): group descriptors corrupted! [pid 5705] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5706 attached NULL, 8) = 0 [pid 5706] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5706] set_robust_list(0x7f4380f929a0, 24 [pid 5705] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5705] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5706] <... set_robust_list resumed>) = 0 [pid 5706] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5706] memfd_create("syzkaller", 0 [pid 5705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5706] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5707 attached [pid 5707] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5705] <... clone3 resumed> => {parent_tid=[5707]}, 88) = 5707 [pid 5707] <... rseq resumed>) = 0 [pid 5706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5707] set_robust_list(0x7f4380f719a0, 24 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] <... set_robust_list resumed>) = 0 [pid 5706] <... mmap resumed>) = 0x7f4378b51000 [pid 5705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5705] <... futex resumed>) = 0 [pid 5707] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5705] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... open resumed>) = 4 [pid 5707] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... futex resumed>) = 1 [pid 5707] fallocate(4, 0, 35143, 7 [pid 5706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5706] munmap(0x7f4378b51000, 262144 [pid 5707] <... fallocate resumed>) = 0 [pid 5707] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... munmap resumed>) = 0 [pid 5707] <... futex resumed>) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5706] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] <... openat resumed>) = 5 [pid 5707] <... mount resumed>) = 0 [pid 5707] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] ioctl(5, LOOP_SET_FD, 3 [pid 5707] <... futex resumed>) = 1 [pid 5706] <... ioctl resumed>) = 0 [pid 5707] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] close(3) = 0 [pid 5706] mkdir("./file1", 0777 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5707] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5705] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... open resumed>) = 3 [pid 5707] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5707] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5707] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5706] <... mkdir resumed>) = 0 [pid 5705] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5707] <... write resumed>) = 262144 [pid 5707] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] <... futex resumed>) = 0 [pid 5706] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5706] ioctl(5, LOOP_CLR_FD) = 0 [pid 5706] close(5) = 0 [pid 5706] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5706] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] exit_group(0) = ? [pid 5707] <... futex resumed>) = ? [pid 5706] <... futex resumed>) = ? [pid 5706] +++ exited with 0 +++ [pid 5707] +++ exited with 0 +++ [pid 5705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5705, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/bus") = 0 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 65.151513][ T5706] loop0: detected capacity change from 0 to 512 [ 65.165147][ T5706] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5708 ./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5708] chdir("./172") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5708] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5708] <... clone3 resumed> => {parent_tid=[5709]}, 88) = 5709 [pid 5709] <... rseq resumed>) = 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5708] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] memfd_create("syzkaller", 0 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... memfd_create resumed>) = 3 [pid 5708] <... futex resumed>) = 0 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5709] <... mmap resumed>) = 0x7f4378b72000 [pid 5708] <... mmap resumed>) = 0x7f4378b51000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5708] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5710 attached => {parent_tid=[5710]}, 88) = 5710 [pid 5709] <... write resumed>) = 262144 [pid 5709] munmap(0x7f4378b72000, 262144) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3 [pid 5710] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] <... rseq resumed>) = 0 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] set_robust_list(0x7f4378b719a0, 24 [pid 5708] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... set_robust_list resumed>) = 0 [pid 5708] <... futex resumed>) = 0 [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5710] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [pid 5710] fallocate(5, 0, 35143, 7 [pid 5709] <... ioctl resumed>) = 0 [pid 5709] close(3) = 0 [pid 5709] mkdir("./file1", 0777) = 0 [pid 5709] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5710] <... fallocate resumed>) = 0 [pid 5710] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5710] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5710] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5710] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5710] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5708] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... open resumed>) = 3 [pid 5710] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] <... futex resumed>) = 0 [pid 5708] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5710] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5709] <... mount resumed>) = 0 [pid 5709] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5709] chdir("./file1") = 0 [pid 5709] ioctl(4, LOOP_CLR_FD) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] exit_group(0 [pid 5710] <... futex resumed>) = ? [pid 5708] <... exit_group resumed>) = ? [pid 5710] +++ exited with 0 +++ [pid 5709] <... futex resumed>) = ? [pid 5709] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/bus") = 0 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 [ 65.231219][ T5709] loop0: detected capacity change from 0 to 512 [ 65.251313][ T5709] EXT4-fs (loop0): 1 orphan inode deleted [ 65.257423][ T5709] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/172/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5713 attached , child_tidptr=0x555556e0f690) = 5713 [pid 5713] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5713] chdir("./173") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5713] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 65.289243][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 65.298998][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5714 attached [pid 5714] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5713] <... clone3 resumed> => {parent_tid=[5714]}, 88) = 5714 [pid 5714] <... rseq resumed>) = 0 [pid 5714] set_robust_list(0x7f4380f929a0, 24 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] <... set_robust_list resumed>) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] memfd_create("syzkaller", 0 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... memfd_create resumed>) = 3 [pid 5713] <... futex resumed>) = 0 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5713] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5715]}, 88) = 5715 ./strace-static-x86_64: Process 5715 attached [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5715] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5713] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... rseq resumed>) = 0 [pid 5715] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5715] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5714] <... write resumed>) = 262144 [pid 5715] <... open resumed>) = 4 [pid 5714] munmap(0x7f4378b72000, 262144 [pid 5715] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... munmap resumed>) = 0 [pid 5715] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5713] <... futex resumed>) = 0 [pid 5714] <... openat resumed>) = 5 [pid 5713] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] ioctl(5, LOOP_SET_FD, 3 [pid 5713] <... futex resumed>) = 1 [pid 5715] fallocate(4, 0, 35143, 7 [pid 5713] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... ioctl resumed>) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./file1", 0777) = 0 [pid 5715] <... fallocate resumed>) = 0 [pid 5715] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5715] <... futex resumed>) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5715] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5715] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5713] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... mount resumed>) = 0 [pid 5715] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5715] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5715] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5713] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... open resumed>) = 3 [pid 5715] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5715] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5715] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5713] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... write resumed>) = 262144 [pid 5715] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5715] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5714] ioctl(5, LOOP_CLR_FD) = 0 [pid 5714] close(5) = 0 [pid 5714] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] exit_group(0) = ? [pid 5715] <... futex resumed>) = ? [pid 5715] +++ exited with 0 +++ [pid 5714] <... futex resumed>) = ? [pid 5714] +++ exited with 0 +++ [pid 5713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5713, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/bus") = 0 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5716 attached , child_tidptr=0x555556e0f690) = 5716 [pid 5716] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5716] chdir("./174") = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5716] setpgid(0, 0) = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5716] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5716] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5717]}, 88) = 5717 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5716] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5716] <... futex resumed>) = 0 [pid 5717] <... rseq resumed>) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5717] set_robust_list(0x7f4380f929a0, 24 [pid 5716] <... mmap resumed>) = 0x7f4380f51000 [pid 5717] <... set_robust_list resumed>) = 0 [pid 5716] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] <... mprotect resumed>) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5718 attached => {parent_tid=[5718]}, 88) = 5718 [pid 5718] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5718] set_robust_list(0x7f4380f719a0, 24 [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5718] <... set_robust_list resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] <... futex resumed>) = 0 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5717] memfd_create("syzkaller", 0 [pid 5718] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5717] <... memfd_create resumed>) = 3 [pid 5716] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... open resumed>) = 4 [pid 5717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5718] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5717] <... mmap resumed>) = 0x7f4378b51000 [pid 5716] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5718] fallocate(4, 0, 35143, 7 [pid 5716] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5718] <... fallocate resumed>) = 0 [ 65.366447][ T5714] loop0: detected capacity change from 0 to 512 [ 65.387043][ T5714] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5718] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5716] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5717] <... write resumed>) = 262144 [pid 5717] munmap(0x7f4378b51000, 262144 [pid 5718] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5717] <... munmap resumed>) = 0 [pid 5716] <... futex resumed>) = 0 [pid 5718] <... open resumed>) = 5 [pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5716] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5718] <... futex resumed>) = 1 [pid 5716] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5716] <... futex resumed>) = 0 [pid 5718] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5716] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] <... openat resumed>) = 6 [pid 5717] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5717] close(3) = 0 [pid 5717] mkdir("./file1", 0777) = 0 [pid 5717] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5717] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5717] chdir("./file1") = 0 [pid 5717] ioctl(6, LOOP_CLR_FD) = 0 [pid 5717] close(6) = 0 [pid 5717] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] exit_group(0) = ? [pid 5717] +++ exited with 0 +++ [pid 5718] <... futex resumed>) = ? [pid 5718] +++ exited with 0 +++ [pid 5716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5716, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/bus") = 0 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 65.453413][ T5717] loop0: detected capacity change from 0 to 512 [ 65.469858][ T5717] EXT4-fs (loop0): 1 orphan inode deleted [ 65.475847][ T5717] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/174/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5721 attached , child_tidptr=0x555556e0f690) = 5721 [pid 5721] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5721] chdir("./175") = 0 [pid 5721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5721] setpgid(0, 0) = 0 [pid 5721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5721] write(3, "1000", 4) = 4 [pid 5721] close(3) = 0 [pid 5721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5721] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5721] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5722 attached [pid 5722] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5721] <... clone3 resumed> => {parent_tid=[5722]}, 88) = 5722 [pid 5722] <... rseq resumed>) = 0 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] set_robust_list(0x7f4380f929a0, 24 [pid 5721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5722] <... set_robust_list resumed>) = 0 [pid 5721] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5721] <... futex resumed>) = 0 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] memfd_create("syzkaller", 0 [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5722] <... memfd_create resumed>) = 3 [pid 5721] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5721] <... mprotect resumed>) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5723]}, 88) = 5723 ./strace-static-x86_64: Process 5723 attached [pid 5722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5721] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5723] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5722] <... write resumed>) = 262144 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] munmap(0x7f4378b51000, 262144 [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5722] <... munmap resumed>) = 0 [pid 5722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5722] ioctl(5, LOOP_SET_FD, 3 [pid 5723] <... open resumed>) = 4 [pid 5723] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... ioctl resumed>) = 0 [pid 5722] close(3) = 0 [pid 5722] mkdir("./file1", 0777 [pid 5723] fallocate(4, 0, 35143, 7 [pid 5722] <... mkdir resumed>) = 0 [pid 5722] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5723] <... fallocate resumed>) = 0 [pid 5723] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... futex resumed>) = 1 [pid 5723] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5723] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... futex resumed>) = 1 [pid 5723] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5723] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... futex resumed>) = 1 [pid 5723] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5723] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [ 65.552994][ T5722] loop0: detected capacity change from 0 to 512 [ 65.569967][ T5724] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 65.570310][ T5722] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 65.594668][ T5722] EXT4-fs (loop0): get root inode failed [pid 5723] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5722] ioctl(5, LOOP_CLR_FD) = 0 [pid 5722] close(5) = 0 [pid 5722] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] exit_group(0) = ? [pid 5722] <... futex resumed>) = ? [pid 5722] +++ exited with 0 +++ [pid 5723] <... futex resumed>) = ? [pid 5723] +++ exited with 0 +++ [pid 5721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5721, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/bus") = 0 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 [ 65.600322][ T5722] EXT4-fs (loop0): mount failed openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5726 ./strace-static-x86_64: Process 5726 attached [pid 5726] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5726] chdir("./176") = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5726] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5727]}, 88) = 5727 [pid 5726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5727 attached [pid 5727] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... rseq resumed>) = 0 [pid 5726] <... futex resumed>) = 0 [pid 5727] set_robust_list(0x7f4380f929a0, 24 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5727] <... set_robust_list resumed>) = 0 [pid 5726] <... mmap resumed>) = 0x7f4380f51000 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5727] memfd_create("syzkaller", 0 [pid 5726] <... mprotect resumed>) = 0 [pid 5726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5727] <... memfd_create resumed>) = 3 [pid 5727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5728 attached ) = 0x7f4378b51000 [pid 5726] <... clone3 resumed> => {parent_tid=[5728]}, 88) = 5728 [pid 5728] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... rseq resumed>) = 0 [pid 5727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5728] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5728] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5728] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] <... futex resumed>) = 0 [pid 5727] <... write resumed>) = 262144 [pid 5726] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] fallocate(4, 0, 35143, 7 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] munmap(0x7f4378b51000, 262144) = 0 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5727] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5727] close(3) = 0 [pid 5727] mkdir("./file1", 0777) = 0 [pid 5727] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5728] <... fallocate resumed>) = 0 [pid 5728] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5726] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5726] <... futex resumed>) = 0 [pid 5728] <... mount resumed>) = 0 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... futex resumed>) = 1 [pid 5728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5728] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5726] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... write resumed>) = 262144 [pid 5728] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5728] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] <... mount resumed>) = 0 [pid 5727] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5727] chdir("./file1") = 0 [pid 5727] ioctl(5, LOOP_CLR_FD) = 0 [pid 5727] close(5) = 0 [pid 5727] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] exit_group(0 [pid 5727] <... futex resumed>) = ? [pid 5727] +++ exited with 0 +++ [pid 5726] <... exit_group resumed>) = ? [pid 5728] <... futex resumed>) = ? [pid 5728] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/bus") = 0 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 [ 65.670903][ T5727] loop0: detected capacity change from 0 to 512 [ 65.689949][ T5727] EXT4-fs (loop0): 1 orphan inode deleted [ 65.695782][ T5727] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/176/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached , child_tidptr=0x555556e0f690) = 5731 [pid 5731] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5731] chdir("./177") = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5731] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5732]}, 88) = 5732 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5731] <... futex resumed>) = 0 [pid 5732] <... rseq resumed>) = 0 [pid 5732] set_robust_list(0x7f4380f929a0, 24 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5732] <... set_robust_list resumed>) = 0 [pid 5731] <... mmap resumed>) = 0x7f4380f51000 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5732] memfd_create("syzkaller", 0) = 3 [pid 5731] <... mprotect resumed>) = 0 [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5732] <... mmap resumed>) = 0x7f4378b51000 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5733 attached [pid 5733] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5731] <... clone3 resumed> => {parent_tid=[5733]}, 88) = 5733 [pid 5733] <... rseq resumed>) = 0 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], [pid 5733] set_robust_list(0x7f4380f719a0, 24 [pid 5731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5733] <... set_robust_list resumed>) = 0 [pid 5731] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] <... futex resumed>) = 0 [pid 5733] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... open resumed>) = 4 [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5733] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... futex resumed>) = 1 [pid 5733] fallocate(4, 0, 35143, 7 [pid 5732] <... write resumed>) = 262144 [pid 5732] munmap(0x7f4378b51000, 262144) = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 65.725490][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 65.735140][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5732] ioctl(5, LOOP_SET_FD, 3 [pid 5733] <... fallocate resumed>) = 0 [pid 5733] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... ioctl resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] close(3 [pid 5733] <... mount resumed>) = 0 [pid 5732] <... close resumed>) = 0 [pid 5732] mkdir("./file1", 0777 [pid 5733] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... open resumed>) = 3 [pid 5733] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... mkdir resumed>) = 0 [pid 5732] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5733] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5733] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5733] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5732] ioctl(5, LOOP_CLR_FD) = 0 [pid 5732] close(5) = 0 [pid 5732] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] exit_group(0 [pid 5733] <... futex resumed>) = ? [pid 5731] <... exit_group resumed>) = ? [pid 5733] +++ exited with 0 +++ [pid 5732] +++ exited with 0 +++ [pid 5731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5731, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/bus") = 0 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5736] chdir("./178") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5736 [pid 5736] <... openat resumed>) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5736] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5737]}, 88) = 5737 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5736] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5736] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5738 attached [pid 5738] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5738] set_robust_list(0x7f4380f719a0, 24 [pid 5736] <... clone3 resumed> => {parent_tid=[5738]}, 88) = 5738 [pid 5738] <... set_robust_list resumed>) = 0 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] rt_sigprocmask(SIG_SETMASK, [], [pid 5736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5736] <... futex resumed>) = 0 [pid 5738] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 65.785360][ T5732] loop0: detected capacity change from 0 to 512 [ 65.808280][ T5732] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor369: iget: special inode unallocated [ 65.821201][ T5732] EXT4-fs (loop0): get root inode failed [ 65.827071][ T5732] EXT4-fs (loop0): mount failed [pid 5736] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... open resumed>) = 3 [pid 5738] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5736] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] fallocate(3, 0, 35143, 7 [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5737 attached [pid 5737] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5737] memfd_create("syzkaller", 0) = 4 [pid 5737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5738] <... fallocate resumed>) = 0 [pid 5738] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5736] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5736] <... futex resumed>) = 0 [pid 5738] <... mount resumed>) = 0 [pid 5736] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... futex resumed>) = 1 [pid 5738] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5737] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5738] <... open resumed>) = 5 [pid 5738] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5736] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5738] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5738] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] <... write resumed>) = 262144 [pid 5737] munmap(0x7f4378b51000, 262144) = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5737] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5737] close(4) = 0 [pid 5737] mkdir("./file1", 0777) = 0 [pid 5737] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5737] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5737] chdir("./file1") = 0 [pid 5737] ioctl(6, LOOP_CLR_FD) = 0 [pid 5737] close(6) = 0 [pid 5737] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] exit_group(0 [pid 5738] <... futex resumed>) = ? [pid 5737] <... futex resumed>) = ? [pid 5736] <... exit_group resumed>) = ? [pid 5738] +++ exited with 0 +++ [pid 5737] +++ exited with 0 +++ [pid 5736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/bus") = 0 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5742 attached [pid 5742] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5742] chdir("./179") = 0 [ 65.891538][ T5737] loop0: detected capacity change from 0 to 512 [ 65.911112][ T5737] EXT4-fs (loop0): 1 orphan inode deleted [ 65.916985][ T5737] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/178/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5742] setpgid(0, 0) = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5742] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5742 [pid 5742] <... clone3 resumed> => {parent_tid=[5743]}, 88) = 5743 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5742] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5742] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5744 attached => {parent_tid=[5744]}, 88) = 5744 [pid 5744] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] <... rseq resumed>) = 0 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5742] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5742] <... futex resumed>) = 0 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5742] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5743 attached [pid 5744] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5743] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5744] <... open resumed>) = 3 [pid 5743] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5744] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 1 [pid 5744] fallocate(3, 0, 35143, 7 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] memfd_create("syzkaller", 0 [pid 5744] <... fallocate resumed>) = 0 [pid 5743] <... memfd_create resumed>) = 4 [pid 5744] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5744] <... futex resumed>) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5744] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... mmap resumed>) = 0x7f4378b51000 [pid 5742] <... futex resumed>) = 0 [pid 5744] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5742] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... mount resumed>) = 0 [pid 5744] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5742] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... open resumed>) = 5 [pid 5744] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5742] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5742] <... futex resumed>) = 0 [pid 5744] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5742] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5744] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5743] munmap(0x7f4378b51000, 262144) = 0 [pid 5743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5743] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5743] close(4) = 0 [pid 5743] mkdir("./file1", 0777) = 0 [pid 5743] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5743] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5743] chdir("./file1") = 0 [pid 5743] ioctl(6, LOOP_CLR_FD) = 0 [pid 5743] close(6) = 0 [pid 5743] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] exit_group(0 [pid 5744] <... futex resumed>) = ? [pid 5742] <... exit_group resumed>) = ? [pid 5744] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ [pid 5742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5742, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/bus") = 0 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5747 attached [pid 5747] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5747] chdir("./180") = 0 [pid 5747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5747] setpgid(0, 0) = 0 [pid 5747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5747] write(3, "1000", 4) = 4 [pid 5747] close(3) = 0 [pid 5747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5747] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5747 [pid 5747] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5747] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5748 attached [pid 5748] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5747] <... clone3 resumed> => {parent_tid=[5748]}, 88) = 5748 [pid 5748] <... rseq resumed>) = 0 [pid 5747] rt_sigprocmask(SIG_SETMASK, [], [pid 5748] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5748] memfd_create("syzkaller", 0 [pid 5747] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.005151][ T5743] loop0: detected capacity change from 0 to 512 [ 66.020378][ T5743] EXT4-fs (loop0): 1 orphan inode deleted [ 66.026389][ T5743] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/179/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5747] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] <... memfd_create resumed>) = 3 [pid 5747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5747] <... mmap resumed>) = 0x7f4380f51000 [pid 5747] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5749 attached [pid 5747] <... clone3 resumed> => {parent_tid=[5749]}, 88) = 5749 [pid 5749] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5747] rt_sigprocmask(SIG_SETMASK, [], [pid 5749] <... rseq resumed>) = 0 [pid 5749] set_robust_list(0x7f4380f719a0, 24 [pid 5747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5749] <... set_robust_list resumed>) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], [pid 5747] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5748] <... write resumed>) = 262144 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5747] <... futex resumed>) = 0 [pid 5749] <... open resumed>) = 4 [pid 5747] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5749] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5749] fallocate(4, 0, 35143, 7 [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] munmap(0x7f4378b51000, 262144) = 0 [pid 5748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5748] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5748] close(3) = 0 [pid 5748] mkdir("./file1", 0777) = 0 [pid 5748] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5749] <... fallocate resumed>) = 0 [pid 5749] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 0 [pid 5749] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5749] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5749] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5747] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... open resumed>) = 3 [pid 5749] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5749] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5747] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... write resumed>) = 262144 [pid 5749] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] <... futex resumed>) = 0 [pid 5748] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5748] ioctl(5, LOOP_CLR_FD) = 0 [pid 5748] close(5) = 0 [pid 5748] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] exit_group(0) = ? [pid 5748] <... futex resumed>) = ? [pid 5749] <... futex resumed>) = ? [pid 5748] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ [pid 5747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5747, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/bus") = 0 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached , child_tidptr=0x555556e0f690) = 5750 [pid 5750] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5750] chdir("./181") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5750] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5751 attached => {parent_tid=[5751]}, 88) = 5751 [pid 5751] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5751] <... rseq resumed>) = 0 [pid 5751] set_robust_list(0x7f4380f929a0, 24 [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5751] <... set_robust_list resumed>) = 0 [pid 5750] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] <... futex resumed>) = 0 [pid 5751] memfd_create("syzkaller", 0 [pid 5750] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5751] <... memfd_create resumed>) = 3 [pid 5750] <... mmap resumed>) = 0x7f4380f51000 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5750] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5752]}, 88) = 5752 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.095831][ T5748] loop0: detected capacity change from 0 to 512 [ 66.117447][ T5748] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5750] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... write resumed>) = 262144 [pid 5751] munmap(0x7f4378b51000, 262144) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5752 attached ) = 0 [pid 5751] close(3) = 0 [pid 5751] mkdir("./file1", 0777 [pid 5752] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5752] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5752] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5751] <... mkdir resumed>) = 0 [pid 5751] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5752] <... open resumed>) = 3 [pid 5752] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] fallocate(3, 0, 35143, 7) = 0 [pid 5752] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5752] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5752] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5750] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] <... open resumed>) = 5 [pid 5752] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5752] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5750] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] <... write resumed>) = 262144 [pid 5752] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5752] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5751] ioctl(4, LOOP_CLR_FD) = 0 [pid 5751] close(4) = 0 [pid 5751] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] exit_group(0 [pid 5752] <... futex resumed>) = ? [pid 5752] +++ exited with 0 +++ [pid 5751] <... futex resumed>) = ? [pid 5750] <... exit_group resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/bus") = 0 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5753 attached , child_tidptr=0x555556e0f690) = 5753 [pid 5753] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5753] chdir("./182") = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5753] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5754 attached => {parent_tid=[5754]}, 88) = 5754 [pid 5754] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5753] rt_sigprocmask(SIG_SETMASK, [], [pid 5754] <... rseq resumed>) = 0 [pid 5753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] set_robust_list(0x7f4380f929a0, 24 [pid 5753] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... set_robust_list resumed>) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5753] <... futex resumed>) = 0 [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] memfd_create("syzkaller", 0 [pid 5753] <... futex resumed>) = 0 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5754] <... memfd_create resumed>) = 3 [pid 5754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5753] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5754] <... mmap resumed>) = 0x7f4378b51000 [pid 5753] <... mprotect resumed>) = 0 [pid 5754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5755]}, 88) = 5755 ./strace-static-x86_64: Process 5755 attached [pid 5753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5753] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5755] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5755] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5755] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5755] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... write resumed>) = 262144 [pid 5754] munmap(0x7f4378b51000, 262144) = 0 [pid 5754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 66.160409][ T5751] loop0: detected capacity change from 0 to 512 [ 66.187690][ T5751] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5754] ioctl(5, LOOP_SET_FD, 3 [pid 5755] <... futex resumed>) = 0 [pid 5755] fallocate(4, 0, 35143, 7 [pid 5754] <... ioctl resumed>) = 0 [pid 5754] close(3) = 0 [pid 5754] mkdir("./file1", 0777) = 0 [pid 5754] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5755] <... fallocate resumed>) = 0 [pid 5755] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... futex resumed>) = 0 [pid 5755] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5755] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5755] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5755] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5753] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... write resumed>) = 262144 [pid 5755] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... futex resumed>) = 0 [ 66.235768][ T5754] loop0: detected capacity change from 0 to 512 [ 66.265391][ T5754] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz-executor369: bad orphan inode 16 [ 66.276208][ T5754] ext4_test_bit(bit=15, block=18) = 0 [pid 5754] <... mount resumed>) = 0 [pid 5754] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5754] chdir("./file1") = 0 [pid 5754] ioctl(5, LOOP_CLR_FD) = 0 [pid 5754] close(5) = 0 [pid 5754] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] exit_group(0 [pid 5755] <... futex resumed>) = ? [pid 5755] +++ exited with 0 +++ [pid 5754] <... futex resumed>) = ? [pid 5754] +++ exited with 0 +++ [pid 5753] <... exit_group resumed>) = ? [pid 5753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5753, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/bus") = 0 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5758 ./strace-static-x86_64: Process 5758 attached [pid 5758] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5758] chdir("./183") = 0 [pid 5758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5758] setpgid(0, 0) = 0 [pid 5758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5758] write(3, "1000", 4) = 4 [pid 5758] close(3) = 0 [pid 5758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5758] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5758] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5759 attached => {parent_tid=[5759]}, 88) = 5759 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5758] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.282243][ T5754] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/182/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.314898][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 66.324451][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5758] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5758] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5759] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5758] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5759] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5759] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5760 attached NULL, 8) = 0 [pid 5760] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5759] memfd_create("syzkaller", 0) = 3 [pid 5760] <... rseq resumed>) = 0 [pid 5758] <... clone3 resumed> => {parent_tid=[5760]}, 88) = 5760 [pid 5760] set_robust_list(0x7f4380f719a0, 24 [pid 5759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5760] <... set_robust_list resumed>) = 0 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5759] <... mmap resumed>) = 0x7f4378b51000 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5758] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... open resumed>) = 4 [pid 5760] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5758] <... futex resumed>) = 0 [pid 5758] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5760] fallocate(4, 0, 35143, 7 [pid 5759] <... write resumed>) = 262144 [pid 5759] munmap(0x7f4378b51000, 262144) = 0 [pid 5759] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5760] <... fallocate resumed>) = 0 [pid 5760] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... openat resumed>) = 5 [pid 5758] <... futex resumed>) = 0 [pid 5760] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] ioctl(5, LOOP_SET_FD, 3 [pid 5758] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5758] <... futex resumed>) = 1 [pid 5760] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5760] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... ioctl resumed>) = 0 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5759] close(3 [pid 5758] <... futex resumed>) = 1 [pid 5759] <... close resumed>) = 0 [pid 5758] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] mkdir("./file1", 0777 [pid 5760] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5759] <... mkdir resumed>) = 0 [pid 5759] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5760] <... open resumed>) = 3 [pid 5760] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = 0 [pid 5758] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... futex resumed>) = 1 [pid 5760] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5760] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5760] <... futex resumed>) = 1 [pid 5760] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] <... futex resumed>) = 0 [pid 5759] ioctl(5, LOOP_CLR_FD) = 0 [pid 5759] close(5) = 0 [pid 5759] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] exit_group(0 [pid 5760] <... futex resumed>) = ? [pid 5759] <... futex resumed>) = ? [pid 5758] <... exit_group resumed>) = ? [pid 5760] +++ exited with 0 +++ [pid 5759] +++ exited with 0 +++ [pid 5758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5758, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/bus") = 0 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5763 attached , child_tidptr=0x555556e0f690) = 5763 [pid 5763] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5763] chdir("./184") = 0 [pid 5763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5763] setpgid(0, 0) = 0 [pid 5763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5763] write(3, "1000", 4) = 4 [ 66.385916][ T5759] loop0: detected capacity change from 0 to 512 [ 66.398726][ T5759] EXT4-fs (loop0): failed to initialize system zone (-117) [ 66.405939][ T5759] EXT4-fs (loop0): mount failed [pid 5763] close(3) = 0 [pid 5763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5763] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5763] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5764 attached => {parent_tid=[5764]}, 88) = 5764 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5763] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5764] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5763] <... mprotect resumed>) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5764] <... rseq resumed>) = 0 [pid 5763] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5764] set_robust_list(0x7f4380f929a0, 24 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5765 attached [pid 5764] <... set_robust_list resumed>) = 0 [pid 5765] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5764] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] <... clone3 resumed> => {parent_tid=[5765]}, 88) = 5765 [pid 5765] <... rseq resumed>) = 0 [pid 5764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] memfd_create("syzkaller", 0 [pid 5765] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5765] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5764] <... memfd_create resumed>) = 3 [pid 5764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5765] <... open resumed>) = 4 [pid 5764] <... mmap resumed>) = 0x7f4378b51000 [pid 5765] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5765] <... futex resumed>) = 1 [pid 5765] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] fallocate(4, 0, 35143, 7 [pid 5764] <... write resumed>) = 262144 [pid 5764] munmap(0x7f4378b51000, 262144) = 0 [pid 5764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5764] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5764] close(3) = 0 [pid 5764] mkdir("./file1", 0777) = 0 [pid 5764] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5765] <... fallocate resumed>) = 0 [pid 5765] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5765] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... mount resumed>) = 0 [pid 5765] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5765] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... futex resumed>) = 1 [pid 5765] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5765] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5765] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5764] ioctl(5, LOOP_CLR_FD) = 0 [pid 5764] close(5) = 0 [pid 5764] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] exit_group(0) = ? [pid 5764] <... futex resumed>) = ? [pid 5764] +++ exited with 0 +++ [pid 5765] <... futex resumed>) = ? [pid 5765] +++ exited with 0 +++ [pid 5763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5763, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/bus") = 0 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5766 ./strace-static-x86_64: Process 5766 attached [pid 5766] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5766] chdir("./185") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5766] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.459923][ T5764] loop0: detected capacity change from 0 to 512 [ 66.477248][ T5764] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5766] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5766] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5767 attached [pid 5767] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5766] <... clone3 resumed> => {parent_tid=[5767]}, 88) = 5767 [pid 5767] <... rseq resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5767] set_robust_list(0x7f4380f929a0, 24 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5767] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5766] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] memfd_create("syzkaller", 0 [pid 5766] <... futex resumed>) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5767] <... memfd_create resumed>) = 3 [pid 5766] <... mmap resumed>) = 0x7f4380f51000 [pid 5767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5766] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5767] <... mmap resumed>) = 0x7f4378b51000 [pid 5766] <... mprotect resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5768 attached [pid 5768] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5766] <... clone3 resumed> => {parent_tid=[5768]}, 88) = 5768 [pid 5768] <... rseq resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5768] set_robust_list(0x7f4380f719a0, 24 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] <... set_robust_list resumed>) = 0 [pid 5767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5766] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5766] <... futex resumed>) = 0 [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5766] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... open resumed>) = 4 [pid 5768] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... futex resumed>) = 1 [pid 5768] fallocate(4, 0, 35143, 7 [pid 5767] <... write resumed>) = 262144 [pid 5767] munmap(0x7f4378b51000, 262144) = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5767] ioctl(5, LOOP_SET_FD, 3 [pid 5768] <... fallocate resumed>) = 0 [pid 5768] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5768] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5768] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5768] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5767] <... ioctl resumed>) = 0 [pid 5766] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] close(3) = 0 [pid 5767] mkdir("./file1", 0777) = 0 [pid 5767] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5768] <... write resumed>) = -1 EIO (Input/output error) [pid 5768] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5768] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5767] ioctl(5, LOOP_CLR_FD) = 0 [pid 5767] close(5) = 0 [pid 5767] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] exit_group(0 [pid 5768] <... futex resumed>) = ? [pid 5768] +++ exited with 0 +++ [pid 5767] <... futex resumed>) = ? [pid 5767] +++ exited with 0 +++ [pid 5766] <... exit_group resumed>) = ? [pid 5766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5766, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/bus") = 0 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 umount2("./185/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5769 ./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5769] chdir("./186") = 0 [ 66.556767][ T5767] loop0: detected capacity change from 0 to 512 [ 66.568940][ T5768] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 66.578659][ T5768] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 66.592050][ T5767] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5769] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5770 attached [pid 5770] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5769] <... clone3 resumed> => {parent_tid=[5770]}, 88) = 5770 [pid 5770] <... rseq resumed>) = 0 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] set_robust_list(0x7f4380f929a0, 24 [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] <... set_robust_list resumed>) = 0 [pid 5769] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] <... futex resumed>) = 0 [pid 5770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] memfd_create("syzkaller", 0 [pid 5769] <... futex resumed>) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5770] <... memfd_create resumed>) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5769] <... mmap resumed>) = 0x7f4380f51000 [pid 5770] <... mmap resumed>) = 0x7f4378b51000 [pid 5769] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5769] <... mprotect resumed>) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5771 attached [pid 5771] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5771] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5769] <... clone3 resumed> => {parent_tid=[5771]}, 88) = 5771 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5769] <... futex resumed>) = 1 [pid 5771] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... open resumed>) = 4 [pid 5771] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] fallocate(4, 0, 35143, 7 [pid 5770] <... write resumed>) = 262144 [pid 5770] munmap(0x7f4378b51000, 262144) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5770] ioctl(5, LOOP_SET_FD, 3 [pid 5771] <... fallocate resumed>) = 0 [pid 5770] <... ioctl resumed>) = 0 [pid 5771] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] close(3) = 0 [pid 5770] mkdir("./file1", 0777 [pid 5771] <... futex resumed>) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5771] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5770] <... mkdir resumed>) = 0 [pid 5770] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5771] <... mount resumed>) = 0 [pid 5771] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... open resumed>) = 3 [pid 5771] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5769] <... futex resumed>) = 1 [pid 5769] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5771] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5771] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5770] ioctl(5, LOOP_CLR_FD) = 0 [pid 5770] close(5) = 0 [pid 5770] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] exit_group(0 [pid 5771] <... futex resumed>) = ? [pid 5770] <... futex resumed>) = ? [pid 5769] <... exit_group resumed>) = ? [pid 5771] +++ exited with 0 +++ [pid 5770] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5769, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/bus") = 0 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5772 attached , child_tidptr=0x555556e0f690) = 5772 [ 66.657508][ T5770] loop0: detected capacity change from 0 to 512 [ 66.670612][ T5770] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 66.680787][ T5770] EXT4-fs (loop0): group descriptors corrupted! [pid 5772] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5772] chdir("./187") = 0 [pid 5772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5772] setpgid(0, 0) = 0 [pid 5772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5772] write(3, "1000", 4) = 4 [pid 5772] close(3) = 0 [pid 5772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5772] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5772] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5773 attached => {parent_tid=[5773]}, 88) = 5773 [pid 5773] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] set_robust_list(0x7f4380f929a0, 24 [pid 5772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] <... set_robust_list resumed>) = 0 [pid 5772] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], [pid 5772] <... futex resumed>) = 0 [pid 5773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5772] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] memfd_create("syzkaller", 0 [pid 5772] <... futex resumed>) = 0 [pid 5772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5772] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5773] <... memfd_create resumed>) = 3 [pid 5773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5773] <... mmap resumed>) = 0x7f4378b51000 [pid 5772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5774 attached [pid 5773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5774] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5772] <... clone3 resumed> => {parent_tid=[5774]}, 88) = 5774 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5772] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5773] <... write resumed>) = 262144 [pid 5773] munmap(0x7f4378b51000, 262144 [pid 5774] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... munmap resumed>) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5774] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5773] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5772] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] fallocate(4, 0, 35143, 7 [pid 5773] <... openat resumed>) = 5 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] ioctl(5, LOOP_SET_FD, 3 [pid 5774] <... fallocate resumed>) = 0 [pid 5773] <... ioctl resumed>) = 0 [pid 5774] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] close(3 [pid 5774] <... futex resumed>) = 1 [pid 5773] <... close resumed>) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5774] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] mkdir("./file1", 0777) = 0 [pid 5772] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5774] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5774] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5772] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... mount resumed>) = 0 [pid 5774] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5774] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5774] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5774] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5773] ioctl(5, LOOP_CLR_FD) = 0 [pid 5773] close(5) = 0 [pid 5773] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] exit_group(0 [pid 5774] <... futex resumed>) = ? [pid 5773] <... futex resumed>) = ? [pid 5772] <... exit_group resumed>) = ? [pid 5774] +++ exited with 0 +++ [pid 5773] +++ exited with 0 +++ [pid 5772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5772, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./187/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/bus") = 0 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5775 attached , child_tidptr=0x555556e0f690) = 5775 [pid 5775] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5775] chdir("./188") = 0 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5775] setpgid(0, 0) = 0 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5775] write(3, "1000", 4) = 4 [pid 5775] close(3) = 0 [pid 5775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5775] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5775] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5776 attached [pid 5776] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5775] <... clone3 resumed> => {parent_tid=[5776]}, 88) = 5776 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5775] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5776] <... rseq resumed>) = 0 [pid 5776] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5775] <... mmap resumed>) = 0x7f4380f51000 [pid 5776] memfd_create("syzkaller", 0 [pid 5775] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5776] <... memfd_create resumed>) = 3 [pid 5776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5775] <... mprotect resumed>) = 0 [pid 5776] <... mmap resumed>) = 0x7f4378b51000 [pid 5775] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5775] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5777 attached => {parent_tid=[5777]}, 88) = 5777 [pid 5777] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 66.758630][ T5773] loop0: detected capacity change from 0 to 512 [ 66.777314][ T5773] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5775] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... rseq resumed>) = 0 [pid 5775] <... futex resumed>) = 0 [pid 5777] set_robust_list(0x7f4380f719a0, 24 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... set_robust_list resumed>) = 0 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], [pid 5776] <... write resumed>) = 262144 [pid 5777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5776] munmap(0x7f4378b51000, 262144 [pid 5777] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5777] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5777] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] <... futex resumed>) = 0 [pid 5777] fallocate(4, 0, 35143, 7 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] <... munmap resumed>) = 0 [pid 5776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5776] ioctl(5, LOOP_SET_FD, 3 [pid 5777] <... fallocate resumed>) = 0 [pid 5777] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] <... futex resumed>) = 0 [pid 5775] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5777] <... futex resumed>) = 0 [pid 5775] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5775] <... futex resumed>) = 0 [pid 5777] <... open resumed>) = 6 [pid 5776] <... ioctl resumed>) = 0 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] close(3 [pid 5777] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5777] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] <... close resumed>) = 0 [pid 5775] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] <... futex resumed>) = 0 [pid 5777] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5776] mkdir("./file1", 0777 [pid 5775] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] <... mkdir resumed>) = 0 [pid 5776] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5777] <... write resumed>) = 262144 [pid 5777] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5777] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5776] ioctl(5, LOOP_CLR_FD) = 0 [pid 5776] close(5) = 0 [pid 5776] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] exit_group(0 [pid 5777] <... futex resumed>) = ? [pid 5777] +++ exited with 0 +++ [pid 5775] <... exit_group resumed>) = ? [pid 5776] <... futex resumed>) = ? [pid 5776] +++ exited with 0 +++ [pid 5775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5775, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./188/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/bus") = 0 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5778 attached , child_tidptr=0x555556e0f690) = 5778 [pid 5778] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5778] chdir("./189") = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4) = 4 [pid 5778] close(3) = 0 [pid 5778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5778] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5778] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5779]}, 88) = 5779 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5778] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5778] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5780 attached [pid 5780] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5778] <... clone3 resumed> => {parent_tid=[5780]}, 88) = 5780 [pid 5780] set_robust_list(0x7f4380f719a0, 24 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], [pid 5780] <... set_robust_list resumed>) = 0 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], [pid 5778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5778] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... open resumed>) = 3 [pid 5780] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5778] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] fallocate(3, 0, 35143, 7 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5779 attached [pid 5779] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5779] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5779] memfd_create("syzkaller", 0) = 4 [pid 5779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5779] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5780] <... fallocate resumed>) = 0 [pid 5780] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] <... futex resumed>) = 0 [pid 5780] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5778] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5778] <... futex resumed>) = 0 [pid 5780] <... mount resumed>) = 0 [pid 5778] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 1 [pid 5778] <... futex resumed>) = 0 [pid 5780] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5778] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... open resumed>) = 5 [pid 5780] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... write resumed>) = 262144 [pid 5778] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5778] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5778] <... futex resumed>) = 0 [pid 5780] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5780] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... futex resumed>) = 0 [pid 5778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 66.846540][ T5776] loop0: detected capacity change from 0 to 512 [ 66.865273][ T5776] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5780] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] munmap(0x7f4378b51000, 262144) = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5779] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5779] close(4) = 0 [pid 5779] mkdir("./file1", 0777) = 0 [pid 5779] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5779] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5779] chdir("./file1") = 0 [pid 5779] ioctl(6, LOOP_CLR_FD) = 0 [pid 5779] close(6) = 0 [pid 5779] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] exit_group(0 [pid 5780] <... futex resumed>) = ? [pid 5779] <... futex resumed>) = ? [pid 5778] <... exit_group resumed>) = ? [pid 5780] +++ exited with 0 +++ [pid 5779] +++ exited with 0 +++ [pid 5778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5778, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./189/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/bus") = 0 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 66.908910][ T5779] loop0: detected capacity change from 0 to 512 [ 66.936500][ T5779] EXT4-fs (loop0): 1 orphan inode deleted [ 66.942517][ T5779] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/189/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./189/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5784] chdir("./190") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5784] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5785 attached => {parent_tid=[5785]}, 88) = 5785 [pid 5785] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] <... rseq resumed>) = 0 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] set_robust_list(0x7f4380f929a0, 24 [pid 5784] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5785] memfd_create("syzkaller", 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5785] <... memfd_create resumed>) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5784] <... mmap resumed>) = 0x7f4380f51000 [pid 5784] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5785] <... mmap resumed>) = 0x7f4378b51000 [pid 5784] <... mprotect resumed>) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5786 attached [pid 5786] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5784] <... clone3 resumed> => {parent_tid=[5786]}, 88) = 5786 [pid 5786] <... rseq resumed>) = 0 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5786] set_robust_list(0x7f4380f719a0, 24 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5786] <... set_robust_list resumed>) = 0 [pid 5784] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5786] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5784] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5786] <... open resumed>) = 4 [pid 5785] <... write resumed>) = 262144 [pid 5785] munmap(0x7f4378b51000, 262144) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5785] ioctl(5, LOOP_SET_FD, 3 [pid 5786] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... ioctl resumed>) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = 1 [pid 5784] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] fallocate(4, 0, 35143, 7 [pid 5785] close(3) = 0 [pid 5785] mkdir("./file1", 0777 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mkdir resumed>) = 0 [pid 5785] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5786] <... fallocate resumed>) = 0 [pid 5786] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5786] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5784] <... futex resumed>) = 0 [pid 5786] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [ 67.037892][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 67.037903][ T28] audit: type=1800 audit(1694162035.179:192): pid=5786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.039472][ T5785] loop0: detected capacity change from 0 to 512 [ 67.080429][ T5785] EXT4-fs (loop0): 1 orphan inode deleted [pid 5784] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5786] <... mount resumed>) = 0 [pid 5786] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = 1 [pid 5786] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 1 [pid 5786] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5784] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5786] <... open resumed>) = 3 [pid 5786] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5786] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5784] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5786] <... write resumed>) = 262144 [pid 5786] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5786] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5785] <... mount resumed>) = 0 [pid 5785] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5785] chdir("./file1") = 0 [pid 5785] ioctl(5, LOOP_CLR_FD) = 0 [pid 5785] close(5) = 0 [pid 5785] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] exit_group(0 [pid 5786] <... futex resumed>) = ? [pid 5784] <... exit_group resumed>) = ? [pid 5786] +++ exited with 0 +++ [pid 5785] <... futex resumed>) = ? [pid 5785] +++ exited with 0 +++ [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./190/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/bus") = 0 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 [ 67.086179][ T5785] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/190/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./190/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5789 attached [pid 5789] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5789] chdir("./191") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5789] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5789 [pid 5789] <... clone3 resumed> => {parent_tid=[5790]}, 88) = 5790 ./strace-static-x86_64: Process 5790 attached [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5790] <... rseq resumed>) = 0 [pid 5789] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] set_robust_list(0x7f4380f929a0, 24 [pid 5789] <... futex resumed>) = 0 [pid 5790] <... set_robust_list resumed>) = 0 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] <... futex resumed>) = 0 [pid 5790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5790] memfd_create("syzkaller", 0 [pid 5789] <... mmap resumed>) = 0x7f4380f51000 [pid 5789] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5790] <... memfd_create resumed>) = 3 [pid 5789] <... mprotect resumed>) = 0 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5791 attached [pid 5790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5789] <... clone3 resumed> => {parent_tid=[5791]}, 88) = 5791 [pid 5791] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5790] <... write resumed>) = 262144 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] munmap(0x7f4378b51000, 262144 [pid 5789] <... futex resumed>) = 0 [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5790] <... munmap resumed>) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 67.134529][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 67.144107][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5790] ioctl(5, LOOP_SET_FD, 3 [pid 5791] <... open resumed>) = 4 [pid 5791] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... ioctl resumed>) = 0 [pid 5790] close(3) = 0 [pid 5790] mkdir("./file1", 0777) = 0 [pid 5790] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5791] <... futex resumed>) = 1 [pid 5791] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5791] fallocate(4, 0, 35143, 7 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... fallocate resumed>) = 0 [pid 5791] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5791] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5791] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... open resumed>) = 3 [pid 5791] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... futex resumed>) = 1 [ 67.185207][ T5790] loop0: detected capacity change from 0 to 512 [ 67.185344][ T28] audit: type=1800 audit(1694162035.319:193): pid=5791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.221955][ T5790] EXT4-fs (loop0): 1 orphan inode deleted [pid 5791] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5791] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5791] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] <... mount resumed>) = 0 [pid 5790] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5790] chdir("./file1") = 0 [pid 5790] ioctl(5, LOOP_CLR_FD) = 0 [pid 5790] close(5) = 0 [pid 5790] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] exit_group(0 [pid 5791] <... futex resumed>) = ? [pid 5790] <... futex resumed>) = ? [pid 5789] <... exit_group resumed>) = ? [pid 5791] +++ exited with 0 +++ [pid 5790] +++ exited with 0 +++ [pid 5789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5789, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./191/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/bus") = 0 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5794 ./strace-static-x86_64: Process 5794 attached [pid 5794] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5794] chdir("./192") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5794] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5795]}, 88) = 5795 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5794] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5794] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 67.228805][ T5790] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.262348][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 67.272097][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5796]}, 88) = 5796 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5795 attached NULL, 8) = 0 [pid 5795] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5794] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... rseq resumed>) = 0 [pid 5794] <... futex resumed>) = 0 [pid 5795] set_robust_list(0x7f4380f929a0, 24 [pid 5794] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... set_robust_list resumed>) = 0 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5795] memfd_create("syzkaller", 0) = 3 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5796 attached ) = 0x7f4378b51000 [pid 5796] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5796] <... rseq resumed>) = 0 [pid 5796] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5796] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5795] <... write resumed>) = 262144 [pid 5795] munmap(0x7f4378b51000, 262144) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5795] ioctl(5, LOOP_SET_FD, 3 [pid 5796] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... ioctl resumed>) = 0 [pid 5794] <... futex resumed>) = 0 [pid 5795] close(3 [pid 5794] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... close resumed>) = 0 [pid 5794] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5796] fallocate(4, 0, 35143, 7 [pid 5795] mkdir("./file1", 0777 [pid 5794] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... mkdir resumed>) = 0 [pid 5795] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5796] <... fallocate resumed>) = 0 [pid 5796] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5796] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5796] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5794] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... mount resumed>) = 0 [pid 5796] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5796] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5794] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5796] <... open resumed>) = 3 [pid 5794] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... write resumed>) = 262144 [pid 5796] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [ 67.322161][ T28] audit: type=1800 audit(1694162035.459:194): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.323872][ T5795] loop0: detected capacity change from 0 to 512 [pid 5796] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5795] ioctl(5, LOOP_CLR_FD) = 0 [pid 5795] close(5) = 0 [pid 5795] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] exit_group(0 [pid 5796] <... futex resumed>) = ? [pid 5795] <... futex resumed>) = ? [pid 5794] <... exit_group resumed>) = ? [pid 5796] +++ exited with 0 +++ [pid 5795] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./192/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/bus") = 0 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 [ 67.367077][ T5795] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5797 attached , child_tidptr=0x555556e0f690) = 5797 [pid 5797] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5797] chdir("./193") = 0 [pid 5797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5797] setpgid(0, 0) = 0 [pid 5797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5797] write(3, "1000", 4) = 4 [pid 5797] close(3) = 0 [pid 5797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5797] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5797] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5798 attached => {parent_tid=[5798]}, 88) = 5798 [pid 5797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5797] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5798] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5797] <... mmap resumed>) = 0x7f4380f51000 [pid 5798] <... rseq resumed>) = 0 [pid 5798] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5797] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], [pid 5797] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5797] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5799 attached [pid 5798] memfd_create("syzkaller", 0 [pid 5797] <... clone3 resumed> => {parent_tid=[5799]}, 88) = 5799 [pid 5799] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5797] rt_sigprocmask(SIG_SETMASK, [], [pid 5799] set_robust_list(0x7f4380f719a0, 24 [pid 5797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5799] <... set_robust_list resumed>) = 0 [pid 5797] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], [pid 5797] <... futex resumed>) = 0 [pid 5799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] <... memfd_create resumed>) = 3 [pid 5798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5797] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5798] <... mmap resumed>) = 0x7f4378b51000 [pid 5799] <... open resumed>) = 4 [pid 5799] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5799] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] <... futex resumed>) = 0 [pid 5797] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] fallocate(4, 0, 35143, 7 [pid 5798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5798] munmap(0x7f4378b51000, 262144) = 0 [pid 5798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5798] ioctl(5, LOOP_SET_FD, 3 [pid 5799] <... fallocate resumed>) = 0 [pid 5799] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = 0 [pid 5797] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5798] <... ioctl resumed>) = 0 [pid 5797] <... futex resumed>) = 1 [pid 5799] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] close(3 [pid 5797] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 0 [pid 5798] <... close resumed>) = 0 [pid 5799] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5798] mkdir("./file1", 0777 [pid 5797] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5797] <... futex resumed>) = 1 [pid 5799] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5797] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5798] <... mkdir resumed>) = 0 [pid 5797] <... futex resumed>) = 1 [pid 5799] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5798] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5797] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... write resumed>) = 262144 [pid 5799] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5797] <... futex resumed>) = 0 [pid 5799] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5798] ioctl(5, LOOP_CLR_FD) = 0 [pid 5798] close(5) = 0 [pid 5798] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] exit_group(0 [pid 5799] <... futex resumed>) = ? [pid 5798] <... futex resumed>) = ? [pid 5797] <... exit_group resumed>) = ? [pid 5799] +++ exited with 0 +++ [pid 5798] +++ exited with 0 +++ [pid 5797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5797, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./193/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/bus") = 0 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5800 attached , child_tidptr=0x555556e0f690) = 5800 [pid 5800] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5800] chdir("./194") = 0 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5800] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5800] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [ 67.445440][ T28] audit: type=1800 audit(1694162035.579:195): pid=5799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.449175][ T5798] loop0: detected capacity change from 0 to 512 [ 67.482421][ T5798] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5800] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5801 attached [pid 5801] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5800] <... clone3 resumed> => {parent_tid=[5801]}, 88) = 5801 [pid 5801] <... rseq resumed>) = 0 [pid 5800] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] set_robust_list(0x7f4380f929a0, 24 [pid 5800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] <... set_robust_list resumed>) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5800] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5800] <... futex resumed>) = 0 [pid 5801] memfd_create("syzkaller", 0 [pid 5800] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5801] <... memfd_create resumed>) = 3 [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5800] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5801] <... mmap resumed>) = 0x7f4378b51000 [pid 5800] <... mprotect resumed>) = 0 [pid 5801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5802]}, 88) = 5802 [pid 5800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5800] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5802 attached [pid 5802] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5802] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5802] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... write resumed>) = 262144 [pid 5802] <... futex resumed>) = 1 [pid 5802] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] munmap(0x7f4378b51000, 262144 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... futex resumed>) = 0 [pid 5802] fallocate(4, 0, 35143, 7 [pid 5801] <... munmap resumed>) = 0 [pid 5801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5801] ioctl(5, LOOP_SET_FD, 3 [pid 5802] <... fallocate resumed>) = 0 [pid 5802] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... ioctl resumed>) = 0 [pid 5802] <... futex resumed>) = 1 [pid 5801] close(3 [pid 5800] <... futex resumed>) = 0 [pid 5802] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... close resumed>) = 0 [pid 5801] mkdir("./file1", 0777 [pid 5800] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5801] <... mkdir resumed>) = 0 [pid 5800] <... futex resumed>) = 1 [pid 5802] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5801] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5800] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... mount resumed>) = 0 [pid 5802] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5802] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5800] <... futex resumed>) = 0 [pid 5802] <... open resumed>) = 3 [pid 5800] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5800] <... futex resumed>) = 1 [pid 5802] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5800] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... write resumed>) = 262144 [pid 5802] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [ 67.533878][ T28] audit: type=1800 audit(1694162035.669:196): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.558752][ T5801] loop0: detected capacity change from 0 to 512 [pid 5802] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5801] ioctl(5, LOOP_CLR_FD) = 0 [pid 5801] close(5) = 0 [pid 5801] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] exit_group(0 [pid 5801] <... futex resumed>) = ? [pid 5800] <... exit_group resumed>) = ? [pid 5802] <... futex resumed>) = ? [pid 5801] +++ exited with 0 +++ [pid 5802] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5800, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./194/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/bus") = 0 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5803 ./strace-static-x86_64: Process 5803 attached [ 67.577022][ T5801] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5803] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5803] chdir("./195") = 0 [pid 5803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5803] setpgid(0, 0) = 0 [pid 5803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5803] write(3, "1000", 4) = 4 [pid 5803] close(3) = 0 [pid 5803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5803] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5803] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5803] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5804 attached [pid 5804] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5803] <... clone3 resumed> => {parent_tid=[5804]}, 88) = 5804 [pid 5804] <... rseq resumed>) = 0 [pid 5804] set_robust_list(0x7f4380f929a0, 24 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... set_robust_list resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5803] <... futex resumed>) = 0 [pid 5804] memfd_create("syzkaller", 0) = 3 [pid 5803] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5803] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] <... mmap resumed>) = 0x7f4378b51000 [pid 5803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5805 attached => {parent_tid=[5805]}, 88) = 5805 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5805] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] <... rseq resumed>) = 0 [pid 5805] set_robust_list(0x7f4380f719a0, 24 [pid 5804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5803] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5803] <... futex resumed>) = 0 [pid 5805] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5804] <... write resumed>) = 262144 [pid 5805] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] <... futex resumed>) = 0 [pid 5803] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] <... futex resumed>) = 0 [pid 5805] fallocate(4, 0, 35143, 7 [pid 5804] munmap(0x7f4378b51000, 262144 [pid 5803] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5804] <... munmap resumed>) = 0 [pid 5804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5804] ioctl(5, LOOP_SET_FD, 3 [pid 5805] <... fallocate resumed>) = 0 [pid 5804] <... ioctl resumed>) = 0 [pid 5805] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] close(3 [pid 5803] <... futex resumed>) = 0 [pid 5805] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... close resumed>) = 0 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5803] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] mkdir("./file1", 0777 [pid 5803] <... futex resumed>) = 0 [pid 5805] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5804] <... mkdir resumed>) = 0 [pid 5803] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... mount resumed>) = 0 [pid 5804] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5805] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5805] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5803] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5805] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5805] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5803] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5803] <... futex resumed>) = 0 [ 67.641758][ T28] audit: type=1800 audit(1694162035.779:197): pid=5805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.666335][ T5804] loop0: detected capacity change from 0 to 512 [ 67.685685][ T5804] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5803] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... write resumed>) = 262144 [pid 5804] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5805] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] ioctl(5, LOOP_CLR_FD [pid 5803] <... futex resumed>) = 0 [pid 5805] <... futex resumed>) = 1 [pid 5805] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... ioctl resumed>) = 0 [pid 5804] close(5) = 0 [pid 5804] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] exit_group(0) = ? [pid 5805] <... futex resumed>) = ? [pid 5805] +++ exited with 0 +++ [pid 5804] <... futex resumed>) = ? [pid 5804] +++ exited with 0 +++ [pid 5803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5803, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./195/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/bus") = 0 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5806 ./strace-static-x86_64: Process 5806 attached [pid 5806] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5806] chdir("./196") = 0 [pid 5806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5806] setpgid(0, 0) = 0 [pid 5806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] write(3, "1000", 4) = 4 [pid 5806] close(3) = 0 [pid 5806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5806] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5806] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5807]}, 88) = 5807 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5806] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 ./strace-static-x86_64: Process 5807 attached [pid 5807] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5807] set_robust_list(0x7f4380f929a0, 24 [pid 5806] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5807] <... set_robust_list resumed>) = 0 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5806] <... mprotect resumed>) = 0 [pid 5807] memfd_create("syzkaller", 0) = 3 [pid 5807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5806] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5807] <... mmap resumed>) = 0x7f4378b51000 [pid 5807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5806] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5808]}, 88) = 5808 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5806] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5808 attached [pid 5807] <... write resumed>) = 262144 [pid 5808] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5807] munmap(0x7f4378b51000, 262144 [pid 5808] <... rseq resumed>) = 0 [pid 5808] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5808] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5808] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... munmap resumed>) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5808] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... openat resumed>) = 5 [pid 5807] ioctl(5, LOOP_SET_FD, 3 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] fallocate(4, 0, 35143, 7 [pid 5807] <... ioctl resumed>) = 0 [pid 5807] close(3) = 0 [pid 5807] mkdir("./file1", 0777) = 0 [pid 5808] <... fallocate resumed>) = 0 [pid 5807] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5808] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5808] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5808] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5808] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5808] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5808] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [ 67.742751][ T28] audit: type=1800 audit(1694162035.879:198): pid=5808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.765270][ T5807] loop0: detected capacity change from 0 to 512 [pid 5808] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5807] ioctl(5, LOOP_CLR_FD) = 0 [pid 5807] close(5) = 0 [pid 5807] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] exit_group(0 [pid 5807] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] <... futex resumed>) = ? [pid 5807] <... futex resumed>) = ? [pid 5806] <... exit_group resumed>) = ? [pid 5807] +++ exited with 0 +++ [pid 5808] +++ exited with 0 +++ [pid 5806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5806, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./196/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/bus") = 0 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5809 ./strace-static-x86_64: Process 5809 attached [pid 5809] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5809] chdir("./197") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [ 67.787142][ T5807] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5809] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5810 attached [pid 5810] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5809] <... clone3 resumed> => {parent_tid=[5810]}, 88) = 5810 [pid 5810] <... rseq resumed>) = 0 [pid 5810] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5809] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5810] memfd_create("syzkaller", 0 [pid 5809] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] <... memfd_create resumed>) = 3 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5809] <... mmap resumed>) = 0x7f4378b51000 [pid 5809] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5811 attached [pid 5810] <... write resumed>) = 262144 [pid 5811] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5811] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5811] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] munmap(0x7f4378b72000, 262144 [pid 5809] <... clone3 resumed> => {parent_tid=[5811]}, 88) = 5811 [pid 5810] <... munmap resumed>) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5810] ioctl(4, LOOP_SET_FD, 3 [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5809] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5809] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... ioctl resumed>) = 0 [pid 5810] close(3) = 0 [pid 5810] mkdir("./file1", 0777 [pid 5811] <... open resumed>) = 5 [pid 5811] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... mkdir resumed>) = 0 [pid 5811] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5810] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5811] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] fallocate(5, 0, 35143, 7) = 0 [pid 5811] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5811] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5809] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... futex resumed>) = 1 [pid 5811] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5811] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5811] <... futex resumed>) = 1 [pid 5811] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5809] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... write resumed>) = 262144 [pid 5811] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] <... futex resumed>) = 0 [ 67.861070][ T5810] loop0: detected capacity change from 0 to 512 [ 67.868636][ T28] audit: type=1800 audit(1694162036.009:199): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5810] <... mount resumed>) = 0 [pid 5810] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5810] chdir("./file1") = 0 [pid 5810] ioctl(4, LOOP_CLR_FD) = 0 [pid 5810] close(4) = 0 [pid 5810] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] exit_group(0 [pid 5811] <... futex resumed>) = ? [pid 5809] <... exit_group resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5810] <... futex resumed>) = ? [pid 5810] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./197/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/bus") = 0 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 [ 67.900193][ T5810] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/197/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5814 ./strace-static-x86_64: Process 5814 attached [pid 5814] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5814] chdir("./198") = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0) = 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5814] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5814] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5815 attached [pid 5815] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5815] set_robust_list(0x7f4380f929a0, 24 [pid 5814] <... clone3 resumed> => {parent_tid=[5815]}, 88) = 5815 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5814] rt_sigprocmask(SIG_SETMASK, [], [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] memfd_create("syzkaller", 0 [pid 5814] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] <... memfd_create resumed>) = 3 [pid 5814] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5814] <... futex resumed>) = 0 [pid 5815] <... mmap resumed>) = 0x7f4378b72000 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5814] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5816]}, 88) = 5816 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5816 attached [pid 5815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5816] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5816] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5816] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5815] <... write resumed>) = 262144 [pid 5816] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5816] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] fallocate(4, 0, 35143, 7 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] munmap(0x7f4378b72000, 262144) = 0 [pid 5815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5815] ioctl(5, LOOP_SET_FD, 3 [pid 5816] <... fallocate resumed>) = 0 [pid 5815] <... ioctl resumed>) = 0 [pid 5816] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] close(3 [pid 5816] <... futex resumed>) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] <... close resumed>) = 0 [pid 5816] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] mkdir("./file1", 0777 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5815] <... mkdir resumed>) = 0 [pid 5814] <... futex resumed>) = 0 [pid 5816] <... mount resumed>) = 0 [pid 5815] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5814] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] <... futex resumed>) = 0 [pid 5816] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5814] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... open resumed>) = 3 [pid 5816] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5816] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5814] <... futex resumed>) = 1 [pid 5816] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5814] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... write resumed>) = 262144 [pid 5816] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = 0 [pid 5815] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5815] ioctl(5, LOOP_CLR_FD) = 0 [pid 5815] close(5) = 0 [pid 5815] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] exit_group(0 [pid 5816] <... futex resumed>) = ? [pid 5814] <... exit_group resumed>) = ? [pid 5816] +++ exited with 0 +++ [pid 5815] <... futex resumed>) = ? [pid 5815] +++ exited with 0 +++ [pid 5814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5814, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./198/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/bus") = 0 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5817 attached , child_tidptr=0x555556e0f690) = 5817 [pid 5817] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5817] chdir("./199") = 0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] setpgid(0, 0) = 0 [ 67.982341][ T28] audit: type=1800 audit(1694162036.119:200): pid=5816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.987989][ T5815] loop0: detected capacity change from 0 to 512 [ 68.017195][ T5815] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1000", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5817] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5817] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5818 attached => {parent_tid=[5818]}, 88) = 5818 [pid 5818] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... rseq resumed>) = 0 [pid 5818] set_robust_list(0x7f4380f929a0, 24 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... set_robust_list resumed>) = 0 [pid 5817] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] rt_sigprocmask(SIG_SETMASK, [], [pid 5817] <... futex resumed>) = 0 [pid 5818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5817] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] memfd_create("syzkaller", 0 [pid 5817] <... futex resumed>) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5818] <... memfd_create resumed>) = 3 [pid 5817] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5817] <... mprotect resumed>) = 0 [pid 5818] <... mmap resumed>) = 0x7f4378b51000 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5819 attached => {parent_tid=[5819]}, 88) = 5819 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5817] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5819] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5819] <... open resumed>) = 4 [pid 5818] <... write resumed>) = 262144 [pid 5819] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] munmap(0x7f4378b51000, 262144 [pid 5819] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... munmap resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5818] ioctl(5, LOOP_SET_FD, 3 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5819] fallocate(4, 0, 35143, 7 [pid 5817] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... ioctl resumed>) = 0 [pid 5818] close(3) = 0 [pid 5818] mkdir("./file1", 0777) = 0 [pid 5818] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5819] <... fallocate resumed>) = 0 [pid 5819] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5817] <... futex resumed>) = 0 [pid 5819] <... mount resumed>) = 0 [pid 5817] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5817] <... futex resumed>) = 0 [pid 5819] <... open resumed>) = 3 [pid 5817] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5817] <... futex resumed>) = 0 [ 68.081121][ T28] audit: type=1800 audit(1694162036.219:201): pid=5819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 68.093876][ T5818] loop0: detected capacity change from 0 to 512 [ 68.115516][ T5818] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [pid 5817] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... write resumed>) = 262144 [pid 5819] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5819] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5818] ioctl(5, LOOP_CLR_FD) = 0 [pid 5818] close(5) = 0 [pid 5818] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] exit_group(0 [pid 5818] <... futex resumed>) = ? [pid 5817] <... exit_group resumed>) = ? [pid 5819] <... futex resumed>) = ? [pid 5819] +++ exited with 0 +++ [pid 5818] +++ exited with 0 +++ [pid 5817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5817, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./199/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/bus") = 0 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 68.126459][ T5818] EXT4-fs (loop0): group descriptors corrupted! getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached [pid 5820] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5820 [pid 5820] <... set_robust_list resumed>) = 0 [pid 5820] chdir("./200") = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5820] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5821 attached [pid 5821] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5820] <... clone3 resumed> => {parent_tid=[5821]}, 88) = 5821 [pid 5821] <... rseq resumed>) = 0 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] set_robust_list(0x7f4380f929a0, 24 [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... set_robust_list resumed>) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5821] memfd_create("syzkaller", 0 [pid 5820] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... memfd_create resumed>) = 3 [pid 5820] <... futex resumed>) = 0 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... mmap resumed>) = 0x7f4378b72000 [pid 5820] <... mmap resumed>) = 0x7f4378b51000 [pid 5820] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5822 attached [pid 5822] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5820] <... clone3 resumed> => {parent_tid=[5822]}, 88) = 5822 [pid 5822] <... rseq resumed>) = 0 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] set_robust_list(0x7f4378b719a0, 24 [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5822] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5820] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... open resumed>) = 4 [pid 5822] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... futex resumed>) = 1 [pid 5822] fallocate(4, 0, 35143, 7 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5821] munmap(0x7f4378b72000, 262144) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... fallocate resumed>) = 0 [pid 5822] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5822] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] <... futex resumed>) = 0 [pid 5822] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5820] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... mount resumed>) = 0 [pid 5821] <... openat resumed>) = 5 [pid 5822] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] ioctl(5, LOOP_SET_FD, 3 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5820] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5822] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5820] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3) = 0 [pid 5821] mkdir("./file1", 0777) = 0 [pid 5821] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5822] <... write resumed>) = -1 EIO (Input/output error) [pid 5822] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... futex resumed>) = 0 [pid 5821] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5821] ioctl(5, LOOP_CLR_FD) = 0 [pid 5821] close(5) = 0 [pid 5821] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] exit_group(0 [pid 5821] <... futex resumed>) = ? [pid 5820] <... exit_group resumed>) = ? [pid 5822] <... futex resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ [pid 5820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./200/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/bus") = 0 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 68.197827][ T5821] loop0: detected capacity change from 0 to 512 [ 68.201885][ T5822] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.213842][ T5822] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 68.225893][ T5821] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached , child_tidptr=0x555556e0f690) = 5823 [pid 5823] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5823] chdir("./201") = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5823] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5823] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5824]}, 88) = 5824 ./strace-static-x86_64: Process 5824 attached [pid 5823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5823] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5823] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5824] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5823] <... mprotect resumed>) = 0 [pid 5824] <... rseq resumed>) = 0 [pid 5824] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5824] memfd_create("syzkaller", 0 [pid 5823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5825 attached [pid 5824] <... memfd_create resumed>) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5823] <... clone3 resumed> => {parent_tid=[5825]}, 88) = 5825 [pid 5825] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5824] <... mmap resumed>) = 0x7f4378b51000 [pid 5825] <... rseq resumed>) = 0 [pid 5825] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = 1 [pid 5825] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... futex resumed>) = 1 [pid 5825] fallocate(4, 0, 35143, 7 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5824] munmap(0x7f4378b51000, 262144) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5824] ioctl(5, LOOP_SET_FD, 3 [pid 5825] <... fallocate resumed>) = 0 [pid 5824] <... ioctl resumed>) = 0 [pid 5824] close(3) = 0 [pid 5824] mkdir("./file1", 0777 [pid 5825] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5824] <... mkdir resumed>) = 0 [pid 5824] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5825] <... mount resumed>) = 0 [pid 5825] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... futex resumed>) = 1 [pid 5825] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5825] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... futex resumed>) = 1 [pid 5825] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5825] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5825] <... futex resumed>) = 1 [pid 5825] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5824] ioctl(5, LOOP_CLR_FD) = 0 [pid 5824] close(5) = 0 [pid 5824] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] exit_group(0 [pid 5824] <... futex resumed>) = ? [pid 5824] +++ exited with 0 +++ [pid 5825] <... futex resumed>) = ? [pid 5825] +++ exited with 0 +++ [pid 5823] <... exit_group resumed>) = ? [pid 5823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./201/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/bus") = 0 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached , child_tidptr=0x555556e0f690) = 5826 [pid 5826] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5826] chdir("./202") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5826] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5827]}, 88) = 5827 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5826] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5827 attached ) = 0 [pid 5826] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5826] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5827] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5827] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5828]}, 88) = 5828 [pid 5827] memfd_create("syzkaller", 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5826] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5828 attached [pid 5827] <... memfd_create resumed>) = 3 [pid 5826] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... rseq resumed>) = 0 [pid 5827] <... mmap resumed>) = 0x7f4378b51000 [pid 5828] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 68.301260][ T5824] loop0: detected capacity change from 0 to 512 [ 68.317346][ T5824] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5828] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5828] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5828] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... write resumed>) = 262144 [pid 5827] munmap(0x7f4378b51000, 262144 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] fallocate(4, 0, 35143, 7 [pid 5827] <... munmap resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5827] ioctl(5, LOOP_SET_FD, 3 [pid 5828] <... fallocate resumed>) = 0 [pid 5827] <... ioctl resumed>) = 0 [pid 5828] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] close(3) = 0 [pid 5827] mkdir("./file1", 0777 [pid 5828] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5827] <... mkdir resumed>) = 0 [pid 5828] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5828] <... futex resumed>) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5828] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5828] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5828] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5826] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... write resumed>) = 262144 [pid 5828] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5828] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5827] ioctl(5, LOOP_CLR_FD) = 0 [pid 5827] close(5) = 0 [pid 5827] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5827] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] exit_group(0 [pid 5827] <... futex resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5826] <... exit_group resumed>) = ? [pid 5828] <... futex resumed>) = ? [pid 5828] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./202/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/bus") = 0 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 68.386089][ T5827] loop0: detected capacity change from 0 to 512 [ 68.397806][ T5827] EXT4-fs (loop0): Magic mismatch, very weird! clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x555556e0f690) = 5829 [pid 5829] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5829] chdir("./203") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5829] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5830 attached => {parent_tid=[5830]}, 88) = 5830 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... rseq resumed>) = 0 [pid 5829] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] memfd_create("syzkaller", 0 [pid 5829] <... futex resumed>) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5830] <... memfd_create resumed>) = 3 [pid 5829] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5829] <... mprotect resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5831 attached => {parent_tid=[5831]}, 88) = 5831 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... rseq resumed>) = 0 [pid 5829] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] set_robust_list(0x7f4380f719a0, 24 [pid 5829] <... futex resumed>) = 0 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5829] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5831] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5831] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... write resumed>) = 262144 [pid 5831] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5831] fallocate(4, 0, 35143, 7 [pid 5829] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] munmap(0x7f4378b51000, 262144) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5830] ioctl(5, LOOP_SET_FD, 3 [pid 5831] <... fallocate resumed>) = 0 [pid 5831] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... mount resumed>) = 0 [pid 5831] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5831] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5831] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5829] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... open resumed>) = 6 [pid 5831] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5831] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] mkdir("./file1", 0777) = 0 [pid 5830] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5831] <... write resumed>) = -1 EIO (Input/output error) [pid 5831] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5831] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(5, LOOP_CLR_FD) = 0 [pid 5830] close(5) = 0 [pid 5830] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] exit_group(0 [pid 5830] <... futex resumed>) = ? [pid 5830] +++ exited with 0 +++ [pid 5829] <... exit_group resumed>) = ? [pid 5831] <... futex resumed>) = ? [pid 5831] +++ exited with 0 +++ [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./203/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/bus") = 0 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5832 ./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5832] chdir("./204") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [ 68.483042][ T5830] loop0: detected capacity change from 0 to 512 [ 68.494379][ T5831] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.504220][ T5831] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 68.518847][ T5830] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5832] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5833 attached => {parent_tid=[5833]}, 88) = 5833 [pid 5833] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] set_robust_list(0x7f4380f929a0, 24 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... futex resumed>) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... memfd_create resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5832] <... futex resumed>) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5832] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5834]}, 88) = 5834 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5834 attached [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5834] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5834] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5834] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5834] fallocate(4, 0, 35143, 7 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... write resumed>) = 262144 [pid 5833] munmap(0x7f4378b72000, 262144) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5833] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] mkdir("./file1", 0777 [pid 5834] <... fallocate resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5834] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5833] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5834] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 1 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5834] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5834] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5832] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... write resumed>) = 262144 [pid 5834] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5834] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5833] ioctl(5, LOOP_CLR_FD) = 0 [pid 5833] close(5) = 0 [pid 5833] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] exit_group(0 [pid 5833] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = ? [pid 5833] <... futex resumed>) = ? [pid 5832] <... exit_group resumed>) = ? [pid 5834] +++ exited with 0 +++ [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./204/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/bus") = 0 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5835 ./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5835] chdir("./205") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 68.574280][ T5833] loop0: detected capacity change from 0 to 512 [ 68.585723][ T5833] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 68.595806][ T5833] EXT4-fs (loop0): group descriptors corrupted! [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5835] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5836 attached [pid 5836] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5835] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5836] <... rseq resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] set_robust_list(0x7f4380f929a0, 24 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... futex resumed>) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] memfd_create("syzkaller", 0 [pid 5835] <... futex resumed>) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5836] <... memfd_create resumed>) = 3 [pid 5835] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5835] <... mprotect resumed>) = 0 [pid 5836] <... mmap resumed>) = 0x7f4378b51000 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5835] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5837] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5837] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5837] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... open resumed>) = 4 [pid 5837] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5837] fallocate(4, 0, 35143, 7 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... write resumed>) = 262144 [pid 5836] munmap(0x7f4378b51000, 262144) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5836] ioctl(5, LOOP_SET_FD, 3 [pid 5837] <... fallocate resumed>) = 0 [pid 5837] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... ioctl resumed>) = 0 [pid 5835] <... futex resumed>) = 0 [pid 5836] close(3 [pid 5835] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... close resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5836] mkdir("./file1", 0777 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5836] <... mkdir resumed>) = 0 [pid 5836] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5837] <... mount resumed>) = 0 [pid 5837] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5837] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... write resumed>) = 262144 [pid 5837] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5837] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5836] ioctl(5, LOOP_CLR_FD) = 0 [pid 5836] close(5) = 0 [pid 5836] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] exit_group(0 [pid 5837] <... futex resumed>) = ? [pid 5836] +++ exited with 0 +++ [pid 5835] <... exit_group resumed>) = ? [pid 5837] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./205/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/bus") = 0 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x555556e0f690) = 5838 [pid 5838] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5838] chdir("./206") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5838] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5839 attached [pid 5839] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5839] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5838] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] memfd_create("syzkaller", 0 [pid 5838] <... futex resumed>) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5839] <... memfd_create resumed>) = 3 [pid 5838] <... mmap resumed>) = 0x7f4380f51000 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5838] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5838] <... futex resumed>) = 0 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... open resumed>) = 4 [pid 5840] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.676357][ T5836] loop0: detected capacity change from 0 to 512 [ 68.697121][ T5836] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] fallocate(4, 0, 35143, 7 [pid 5839] <... write resumed>) = 262144 [pid 5839] munmap(0x7f4378b51000, 262144) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5839] ioctl(5, LOOP_SET_FD, 3 [pid 5840] <... fallocate resumed>) = 0 [pid 5840] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5838] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] close(3 [pid 5838] <... futex resumed>) = 1 [pid 5839] <... close resumed>) = 0 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] mkdir("./file1", 0777 [pid 5840] <... futex resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5840] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5839] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5840] <... mount resumed>) = 0 [pid 5840] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... futex resumed>) = 1 [pid 5840] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5840] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... futex resumed>) = 1 [pid 5840] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5840] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5840] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5839] ioctl(5, LOOP_CLR_FD) = 0 [pid 5839] close(5) = 0 [pid 5839] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0 [pid 5840] <... futex resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5838] <... exit_group resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./206/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/bus") = 0 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 umount2("./206/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x555556e0f690) = 5841 [pid 5841] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5841] chdir("./207") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5841] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] set_robust_list(0x7f4380f929a0, 24 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... memfd_create resumed>) = 3 [pid 5841] <... futex resumed>) = 0 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5842] <... mmap resumed>) = 0x7f4378b51000 [pid 5841] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] set_robust_list(0x7f4380f719a0, 24 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5843] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... open resumed>) = 4 [pid 5843] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] <... write resumed>) = 262144 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] munmap(0x7f4378b51000, 262144 [pid 5841] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5843] fallocate(4, 0, 35143, 7 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... munmap resumed>) = 0 [ 68.761559][ T5839] loop0: detected capacity change from 0 to 512 [ 68.777457][ T5839] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5842] ioctl(5, LOOP_SET_FD, 3 [pid 5843] <... fallocate resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3) = 0 [pid 5842] mkdir("./file1", 0777 [pid 5843] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... mkdir resumed>) = 0 [pid 5843] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5842] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5843] <... mount resumed>) = 0 [pid 5843] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... futex resumed>) = 0 [pid 5843] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5843] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5843] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = 0 [pid 5842] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5842] ioctl(5, LOOP_CLR_FD) = 0 [pid 5842] close(5) = 0 [pid 5842] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5842] <... futex resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5841] <... exit_group resumed>) = ? [pid 5841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./207/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/bus") = 0 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 umount2("./207/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5844] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5844] chdir("./208") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5844 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5844] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5845]}, 88) = 5845 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5844] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5844] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5845 attached ) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5845] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5844] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5845] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5846] set_robust_list(0x7f4380f719a0, 24 [pid 5844] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5846] <... open resumed>) = 3 [pid 5845] <... memfd_create resumed>) = 4 [pid 5846] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... futex resumed>) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5846] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5846] fallocate(3, 0, 35143, 7 [pid 5845] <... mmap resumed>) = 0x7f4378b51000 [pid 5844] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5846] <... fallocate resumed>) = 0 [pid 5846] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5846] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5846] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5844] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... mount resumed>) = 0 [pid 5846] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... futex resumed>) = 1 [pid 5846] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5846] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5846] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5846] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5844] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5846] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 1 [pid 5846] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] <... write resumed>) = 262144 [pid 5845] munmap(0x7f4378b51000, 262144) = 0 [ 68.839171][ T5842] loop0: detected capacity change from 0 to 512 [ 68.856724][ T5842] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5845] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file1", 0777) = 0 [pid 5845] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5845] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5845] chdir("./file1") = 0 [pid 5845] ioctl(6, LOOP_CLR_FD) = 0 [pid 5845] close(6) = 0 [pid 5845] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] exit_group(0 [pid 5846] <... futex resumed>) = ? [pid 5845] <... futex resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ [pid 5844] <... exit_group resumed>) = ? [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./208/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/bus") = 0 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 68.899818][ T5845] loop0: detected capacity change from 0 to 512 [ 68.928340][ T5845] EXT4-fs (loop0): 1 orphan inode deleted [ 68.934326][ T5845] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/208/file1 supports timestamps until 2038-01-19 (0x7fffffff) rmdir("./208/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5849] chdir("./209") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5849] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5849] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] set_robust_list(0x7f4380f929a0, 24 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... set_robust_list resumed>) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5850] <... memfd_create resumed>) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... mmap resumed>) = 0x7f4380f51000 [pid 5850] <... mmap resumed>) = 0x7f4378b51000 [pid 5849] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5849] <... mprotect resumed>) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5850] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5851 attached [pid 5850] munmap(0x7f4378b51000, 262144 [pid 5851] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5850] <... munmap resumed>) = 0 [pid 5849] <... clone3 resumed> => {parent_tid=[5851]}, 88) = 5851 [pid 5851] <... rseq resumed>) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] set_robust_list(0x7f4380f719a0, 24 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5851] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5849] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... open resumed>) = 4 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5850] ioctl(5, LOOP_SET_FD, 3 [pid 5851] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... ioctl resumed>) = 0 [pid 5850] close(3) = 0 [pid 5850] mkdir("./file1", 0777) = 0 [pid 5850] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5851] <... futex resumed>) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5851] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5851] fallocate(4, 0, 35143, 7 [pid 5849] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... fallocate resumed>) = 0 [pid 5851] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5851] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5849] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... mount resumed>) = 0 [pid 5851] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5851] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5849] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... write resumed>) = 262144 [pid 5851] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5851] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] <... mount resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5850] chdir("./file1") = 0 [pid 5850] ioctl(5, LOOP_CLR_FD) = 0 [pid 5850] close(5) = 0 [pid 5850] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5851] <... futex resumed>) = ? [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./209/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/bus") = 0 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 [ 69.006443][ T5850] loop0: detected capacity change from 0 to 512 [ 69.021344][ T5850] EXT4-fs (loop0): 1 orphan inode deleted [ 69.032964][ T5850] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/209/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./209/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x555556e0f690) = 5854 [pid 5854] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5854] chdir("./210") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5854] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5855 attached => {parent_tid=[5855]}, 88) = 5855 [pid 5855] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5855] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5855] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 1 [pid 5855] memfd_create("syzkaller", 0 [ 69.067952][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 69.077517][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5854] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] <... mmap resumed>) = 0x7f4380f51000 [pid 5854] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5855] <... mmap resumed>) = 0x7f4378b51000 [pid 5854] <... mprotect resumed>) = 0 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5854] <... clone3 resumed> => {parent_tid=[5856]}, 88) = 5856 [pid 5856] <... rseq resumed>) = 0 [pid 5856] set_robust_list(0x7f4380f719a0, 24 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] <... set_robust_list resumed>) = 0 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5856] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5855] <... write resumed>) = 262144 [pid 5854] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] munmap(0x7f4378b51000, 262144) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5856] <... open resumed>) = 4 [pid 5855] <... openat resumed>) = 5 [pid 5855] ioctl(5, LOOP_SET_FD, 3 [pid 5856] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5856] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3) = 0 [pid 5855] mkdir("./file1", 0777 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5856] fallocate(4, 0, 35143, 7 [pid 5854] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... mkdir resumed>) = 0 [pid 5855] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5856] <... fallocate resumed>) = 0 [pid 5856] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5856] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5856] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5854] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5856] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5854] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... open resumed>) = 3 [pid 5856] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5856] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5854] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] <... mount resumed>) = 0 [pid 5854] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5855] chdir("./file1") = 0 [pid 5855] ioctl(5, LOOP_CLR_FD) = 0 [pid 5855] close(5) = 0 [pid 5856] <... write resumed>) = 262144 [pid 5855] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5855] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5854] exit_group(0 [pid 5856] <... futex resumed>) = ? [pid 5855] <... futex resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ [pid 5854] <... exit_group resumed>) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./210/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/bus") = 0 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 [ 69.135941][ T5855] loop0: detected capacity change from 0 to 512 [ 69.151281][ T5855] EXT4-fs (loop0): 1 orphan inode deleted [ 69.157792][ T5855] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/210/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./210/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x555556e0f690) = 5859 [pid 5859] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5859] chdir("./211") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5859] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5859] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5860 attached [pid 5860] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5859] <... clone3 resumed> => {parent_tid=[5860]}, 88) = 5860 [pid 5860] <... rseq resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] set_robust_list(0x7f4380f929a0, 24 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] <... futex resumed>) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... mmap resumed>) = 0x7f4380f51000 [pid 5860] <... mmap resumed>) = 0x7f4378b51000 [pid 5859] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5859] <... mprotect resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5861 attached [ 69.192210][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 69.201846][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 5861] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5859] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] <... rseq resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] set_robust_list(0x7f4380f719a0, 24 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5859] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... open resumed>) = 4 [pid 5861] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] fallocate(4, 0, 35143, 7 [pid 5860] <... write resumed>) = 262144 [pid 5860] munmap(0x7f4378b51000, 262144) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5860] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5861] <... fallocate resumed>) = 0 [pid 5861] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] close(3) = 0 [pid 5859] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] mkdir("./file1", 0777 [pid 5861] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5859] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... mkdir resumed>) = 0 [pid 5859] <... futex resumed>) = 0 [pid 5861] <... mount resumed>) = 0 [pid 5860] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... futex resumed>) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5861] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5859] <... futex resumed>) = 1 [pid 5859] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... write resumed>) = 262144 [pid 5861] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5860] ioctl(5, LOOP_CLR_FD) = 0 [pid 5860] close(5) = 0 [pid 5860] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] exit_group(0) = ? [pid 5861] <... futex resumed>) = ? [pid 5861] +++ exited with 0 +++ [pid 5860] <... futex resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./211/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/bus") = 0 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5862 [pid 5862] chdir("./212") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5862] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5863]}, 88) = 5863 ./strace-static-x86_64: Process 5863 attached [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5863] <... rseq resumed>) = 0 [pid 5862] <... mmap resumed>) = 0x7f4380f51000 [pid 5863] set_robust_list(0x7f4380f929a0, 24 [pid 5862] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] <... mprotect resumed>) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5863] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5862] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] <... rseq resumed>) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... futex resumed>) = 0 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... memfd_create resumed>) = 4 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 69.258475][ T5860] loop0: detected capacity change from 0 to 512 [ 69.277075][ T5860] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5864] <... open resumed>) = 3 [pid 5864] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... futex resumed>) = 1 [pid 5864] fallocate(3, 0, 35143, 7 [pid 5863] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5863] munmap(0x7f4378b51000, 262144) = 0 [pid 5864] <... fallocate resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5864] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5864] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] <... futex resumed>) = 0 [pid 5864] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5863] <... openat resumed>) = 5 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... mount resumed>) = 0 [pid 5864] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] ioctl(5, LOOP_SET_FD, 4 [pid 5864] <... futex resumed>) = 1 [pid 5864] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5864] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... futex resumed>) = 1 [pid 5864] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5863] <... ioctl resumed>) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./file1", 0777) = 0 [pid 5863] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5864] <... write resumed>) = -1 EIO (Input/output error) [pid 5864] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5864] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(5, LOOP_CLR_FD) = 0 [pid 5863] close(5) = 0 [pid 5863] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] exit_group(0 [pid 5863] <... futex resumed>) = ? [pid 5862] <... exit_group resumed>) = ? [pid 5864] <... futex resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./212/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/bus") = 0 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5865 ./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5865] chdir("./213") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5865] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5865] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 69.345934][ T5863] loop0: detected capacity change from 0 to 512 [ 69.349764][ T5864] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 69.362577][ T5864] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 69.374204][ T5863] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5866 attached => {parent_tid=[5866]}, 88) = 5866 [pid 5866] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... rseq resumed>) = 0 [pid 5866] set_robust_list(0x7f4380f929a0, 24 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] <... futex resumed>) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] memfd_create("syzkaller", 0 [pid 5865] <... futex resumed>) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] <... memfd_create resumed>) = 3 [pid 5865] <... mmap resumed>) = 0x7f4380f51000 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5865] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5866] <... mmap resumed>) = 0x7f4378b51000 [pid 5865] <... mprotect resumed>) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5867] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5865] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5865] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5865] <... futex resumed>) = 1 [pid 5865] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5867] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] fallocate(4, 0, 35143, 7 [pid 5866] <... write resumed>) = 262144 [pid 5865] <... futex resumed>) = 0 [pid 5866] munmap(0x7f4378b51000, 262144 [pid 5865] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... munmap resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5866] ioctl(5, LOOP_SET_FD, 3 [pid 5867] <... fallocate resumed>) = 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5867] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] close(3 [pid 5867] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5866] <... close resumed>) = 0 [pid 5867] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] mkdir("./file1", 0777 [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5867] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5866] <... mkdir resumed>) = 0 [pid 5867] <... mount resumed>) = 0 [pid 5866] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5865] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5865] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... open resumed>) = 3 [pid 5865] <... futex resumed>) = 0 [pid 5867] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 0 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5867] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5865] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... write resumed>) = 262144 [pid 5867] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = 0 [pid 5866] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5866] ioctl(5, LOOP_CLR_FD) = 0 [pid 5866] close(5) = 0 [pid 5866] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] exit_group(0) = ? [pid 5866] <... futex resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5867] <... futex resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./213/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/bus") = 0 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5868] chdir("./214") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5868 [pid 5868] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5868] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [ 69.444070][ T5866] loop0: detected capacity change from 0 to 512 [ 69.456545][ T5866] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5869 attached => {parent_tid=[5869]}, 88) = 5869 [pid 5869] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] set_robust_list(0x7f4380f929a0, 24 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5868] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5868] <... mmap resumed>) = 0x7f4380f51000 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] <... mmap resumed>) = 0x7f4378b51000 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5870]}, 88) = 5870 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5870] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5870] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5869] <... write resumed>) = 262144 [pid 5869] munmap(0x7f4378b51000, 262144 [pid 5870] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] fallocate(4, 0, 35143, 7 [pid 5869] <... munmap resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5869] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] mkdir("./file1", 0777 [pid 5870] <... fallocate resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5870] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5870] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5870] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5870] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 1 [pid 5870] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5870] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5870] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5869] ioctl(5, LOOP_CLR_FD) = 0 [pid 5869] close(5) = 0 [pid 5869] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] exit_group(0 [pid 5869] <... futex resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5870] <... futex resumed>) = ? [pid 5868] <... exit_group resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./214/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/bus") = 0 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5871 ./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5871] chdir("./215") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5871] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5872 attached => {parent_tid=[5872]}, 88) = 5872 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5871] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5872] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5871] <... mprotect resumed>) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... rseq resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5871] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... rseq resumed>) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] set_robust_list(0x7f4380f719a0, 24 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5871] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... futex resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5872] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = 1 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] fallocate(3, 0, 35143, 7 [pid 5872] memfd_create("syzkaller", 0) = 4 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 69.518693][ T5869] loop0: detected capacity change from 0 to 512 [ 69.538927][ T5869] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5872] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5873] <... fallocate resumed>) = 0 [pid 5872] <... write resumed>) = 262144 [pid 5873] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] munmap(0x7f4378b51000, 262144 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... mount resumed>) = 0 [pid 5872] <... munmap resumed>) = 0 [pid 5873] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... futex resumed>) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5873] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... openat resumed>) = 5 [pid 5873] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 5872] ioctl(5, LOOP_SET_FD, 4 [pid 5873] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5873] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5873] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5871] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file1", 0777) = 0 [pid 5872] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5873] <... write resumed>) = -1 EIO (Input/output error) [pid 5873] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5873] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5872] ioctl(5, LOOP_CLR_FD) = 0 [pid 5872] close(5) = 0 [pid 5872] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5873] <... futex resumed>) = ? [pid 5873] +++ exited with 0 +++ [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./215/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/bus") = 0 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 [ 69.603712][ T5872] loop0: detected capacity change from 0 to 512 [ 69.613545][ T5873] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 69.623414][ T5873] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 69.638840][ T5872] EXT4-fs (loop0): VFS: Can't find ext4 filesystem openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached , child_tidptr=0x555556e0f690) = 5874 [pid 5874] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5874] chdir("./216") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5874] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5875 attached => {parent_tid=[5875]}, 88) = 5875 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5874] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5874] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5876 attached => {parent_tid=[5876]}, 88) = 5876 [pid 5876] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... rseq resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] set_robust_list(0x7f4380f719a0, 24 [pid 5874] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5874] <... futex resumed>) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5874] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5875] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5876] <... open resumed>) = 3 [pid 5875] set_robust_list(0x7f4380f929a0, 24 [pid 5876] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5874] <... futex resumed>) = 0 [pid 5876] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] fallocate(3, 0, 35143, 7 [pid 5874] <... futex resumed>) = 0 [pid 5874] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5875] memfd_create("syzkaller", 0) = 4 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5875] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5876] <... fallocate resumed>) = 0 [pid 5875] <... write resumed>) = 262144 [pid 5876] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] munmap(0x7f4378b51000, 262144 [pid 5876] <... futex resumed>) = 1 [pid 5876] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] <... futex resumed>) = 0 [pid 5875] <... munmap resumed>) = 0 [pid 5874] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] <... futex resumed>) = 1 [pid 5876] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5874] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... mount resumed>) = 0 [pid 5875] <... openat resumed>) = 5 [pid 5876] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] ioctl(5, LOOP_SET_FD, 4 [pid 5874] <... futex resumed>) = 0 [pid 5876] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5876] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5874] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... open resumed>) = 6 [pid 5875] <... ioctl resumed>) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file1", 0777 [pid 5876] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5876] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5876] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5875] <... mkdir resumed>) = 0 [pid 5875] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5874] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... write resumed>) = 262144 [pid 5876] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5876] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5875] ioctl(5, LOOP_CLR_FD) = 0 [pid 5875] close(5) = 0 [pid 5875] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] exit_group(0 [pid 5876] <... futex resumed>) = ? [pid 5874] <... exit_group resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ [pid 5874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./216/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/bus") = 0 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 umount2("./216/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 [ 69.718490][ T5875] loop0: detected capacity change from 0 to 512 [ 69.733025][ T5875] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5877] chdir("./217") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5877 [pid 5877] <... prctl resumed>) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5877] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5878 attached [pid 5878] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5877] <... clone3 resumed> => {parent_tid=[5878]}, 88) = 5878 [pid 5878] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] memfd_create("syzkaller", 0 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] <... mmap resumed>) = 0x7f4380f51000 [pid 5878] <... mmap resumed>) = 0x7f4378b51000 [pid 5877] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5877] <... mprotect resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5879 attached => {parent_tid=[5879]}, 88) = 5879 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5877] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... write resumed>) = 262144 [pid 5878] munmap(0x7f4378b51000, 262144 [pid 5879] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5879] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5879] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5878] <... munmap resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5878] ioctl(5, LOOP_SET_FD, 3 [pid 5879] <... open resumed>) = 4 [pid 5879] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] fallocate(4, 0, 35143, 7 [pid 5877] <... futex resumed>) = 1 [pid 5877] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... ioctl resumed>) = 0 [pid 5878] close(3) = 0 [pid 5878] mkdir("./file1", 0777) = 0 [pid 5878] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5879] <... fallocate resumed>) = 0 [pid 5879] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5877] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... mount resumed>) = 0 [pid 5879] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5877] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5877] <... futex resumed>) = 0 [pid 5879] <... open resumed>) = 3 [pid 5877] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [pid 5877] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5877] <... futex resumed>) = 0 [pid 5879] <... write resumed>) = 262144 [pid 5877] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5878] ioctl(5, LOOP_CLR_FD) = 0 [pid 5878] close(5) = 0 [pid 5878] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] exit_group(0) = ? [pid 5878] <... futex resumed>) = ? [pid 5879] <... futex resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./217/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/bus") = 0 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x555556e0f690) = 5880 [pid 5880] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5880] chdir("./218") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5880] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5881 attached => {parent_tid=[5881]}, 88) = 5881 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5880] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5880] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5881] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [ 69.802842][ T5878] loop0: detected capacity change from 0 to 512 [ 69.821068][ T5878] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5880] <... mprotect resumed>) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5881] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 5882 attached [pid 5881] set_robust_list(0x7f4380f929a0, 24 [pid 5882] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5880] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... rseq resumed>) = 0 [pid 5882] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... open resumed>) = 3 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] memfd_create("syzkaller", 0 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 1 [pid 5882] fallocate(3, 0, 35143, 7 [pid 5881] <... memfd_create resumed>) = 4 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5882] <... fallocate resumed>) = 0 [pid 5881] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5882] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5882] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5881] <... write resumed>) = 262144 [pid 5881] munmap(0x7f4378b51000, 262144 [pid 5882] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5882] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5880] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... open resumed>) = 5 [pid 5882] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... munmap resumed>) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] <... futex resumed>) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5882] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [pid 5882] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5881] <... openat resumed>) = 6 [pid 5880] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5881] ioctl(6, LOOP_SET_FD, 4 [pid 5882] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5882] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] <... ioctl resumed>) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file1", 0777) = 0 [pid 5881] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5881] chdir("./file1") = 0 [pid 5881] ioctl(6, LOOP_CLR_FD) = 0 [pid 5881] close(6) = 0 [pid 5881] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] exit_group(0 [pid 5881] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5882] <... futex resumed>) = ? [pid 5881] +++ exited with 0 +++ [pid 5880] <... exit_group resumed>) = ? [pid 5882] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./218/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/bus") = 0 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5885] chdir("./219") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5885] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [ 69.896602][ T5881] loop0: detected capacity change from 0 to 512 [ 69.910586][ T5881] EXT4-fs (loop0): 1 orphan inode deleted [ 69.916421][ T5881] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/218/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5885] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5886]}, 88) = 5886 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5885] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5885] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5886 attached ./strace-static-x86_64: Process 5887 attached [pid 5886] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5886] set_robust_list(0x7f4380f929a0, 24 [pid 5885] <... clone3 resumed> => {parent_tid=[5887]}, 88) = 5887 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5887] <... rseq resumed>) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] set_robust_list(0x7f4380f719a0, 24 [pid 5886] memfd_create("syzkaller", 0 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5885] <... futex resumed>) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5886] <... mmap resumed>) = 0x7f4378b51000 [pid 5887] <... open resumed>) = 4 [pid 5887] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... futex resumed>) = 1 [pid 5887] fallocate(4, 0, 35143, 7 [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5887] <... fallocate resumed>) = 0 [pid 5887] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] munmap(0x7f4378b51000, 262144 [pid 5885] <... futex resumed>) = 0 [pid 5887] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] <... futex resumed>) = 0 [pid 5887] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5885] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... mount resumed>) = 0 [pid 5887] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5887] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5885] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... open resumed>) = 5 [pid 5887] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... munmap resumed>) = 0 [pid 5885] <... futex resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5887] <... futex resumed>) = 1 [pid 5885] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5885] <... futex resumed>) = 0 [pid 5887] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5886] <... openat resumed>) = 6 [pid 5885] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] ioctl(6, LOOP_SET_FD, 3 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... ioctl resumed>) = 0 [pid 5886] close(3) = 0 [pid 5886] mkdir("./file1", 0777) = 0 [pid 5886] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./file1") = 0 [pid 5886] ioctl(6, LOOP_CLR_FD) = 0 [pid 5886] close(6) = 0 [pid 5886] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] exit_group(0 [pid 5887] <... futex resumed>) = ? [pid 5886] <... futex resumed>) = ? [pid 5885] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./219/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/bus") = 0 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached , child_tidptr=0x555556e0f690) = 5890 [pid 5890] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5890] chdir("./220") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5890] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5891]}, 88) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5890] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5890] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5891] <... rseq resumed>) = 0 [pid 5891] set_robust_list(0x7f4380f929a0, 24./strace-static-x86_64: Process 5892 attached ) = 0 [pid 5890] <... clone3 resumed> => {parent_tid=[5892]}, 88) = 5892 [pid 5892] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] <... rseq resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] set_robust_list(0x7f4380f719a0, 24 [pid 5890] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] memfd_create("syzkaller", 0) = 4 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5892] <... open resumed>) = 3 [pid 5892] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... mmap resumed>) = 0x7f4378b51000 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] fallocate(3, 0, 35143, 7 [pid 5890] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5892] <... fallocate resumed>) = 0 [pid 5892] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5890] <... futex resumed>) = 0 [pid 5892] <... mount resumed>) = 0 [pid 5890] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5892] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [ 69.995229][ T5886] loop0: detected capacity change from 0 to 512 [ 70.009681][ T5886] EXT4-fs (loop0): 1 orphan inode deleted [ 70.015414][ T5886] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/219/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5892] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5890] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... write resumed>) = 262144 [pid 5891] munmap(0x7f4378b51000, 262144) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5891] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5891] ioctl(6, LOOP_CLR_FD) = 0 [pid 5892] <... write resumed>) = 262144 [pid 5891] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5891] close(6) = 0 [pid 5891] close(4 [pid 5892] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... close resumed>) = 0 [pid 5891] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... futex resumed>) = 1 [pid 5892] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] exit_group(0) = ? [pid 5891] <... futex resumed>) = ? [pid 5892] <... futex resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 4 entries */, 32768) = 104 umount2("./220/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/bus") = 0 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x555556e0f690) = 5893 [pid 5893] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5893] chdir("./221") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5893] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5894 attached => {parent_tid=[5894]}, 88) = 5894 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5894] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5893] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... rseq resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5894] set_robust_list(0x7f4380f929a0, 24 [pid 5893] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5894] memfd_create("syzkaller", 0 [pid 5893] <... mmap resumed>) = 0x7f4380f51000 [pid 5894] <... memfd_create resumed>) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5893] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5894] <... mmap resumed>) = 0x7f4378b51000 [pid 5893] <... mprotect resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5895] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5893] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5895] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... open resumed>) = 4 [pid 5895] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 1 [pid 5895] fallocate(4, 0, 35143, 7 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... fallocate resumed>) = 0 [pid 5895] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... write resumed>) = 262144 [pid 5893] <... futex resumed>) = 0 [pid 5894] munmap(0x7f4378b51000, 262144 [pid 5895] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... munmap resumed>) = 0 [pid 5893] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5893] <... futex resumed>) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5894] <... openat resumed>) = 5 [pid 5893] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] ioctl(5, LOOP_SET_FD, 3 [pid 5895] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... ioctl resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5895] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5893] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... open resumed>) = 6 [pid 5895] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] <... futex resumed>) = 0 [pid 5893] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5894] close(3 [pid 5893] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... close resumed>) = 0 [pid 5895] <... write resumed>) = 262144 [pid 5894] mkdir("./file1", 0777 [pid 5895] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5895] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... mkdir resumed>) = 0 [pid 5894] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 5894] ioctl(5, LOOP_CLR_FD) = 0 [pid 5894] close(5) = 0 [pid 5894] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] exit_group(0 [pid 5894] <... futex resumed>) = ? [pid 5895] <... futex resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5893] <... exit_group resumed>) = ? [pid 5895] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./221/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/bus") = 0 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5896 attached , child_tidptr=0x555556e0f690) = 5896 [pid 5896] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5896] chdir("./222") = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5896] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 70.130396][ T5894] loop0: detected capacity change from 0 to 512 [ 70.163678][ T5894] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5897]}, 88) = 5897 ./strace-static-x86_64: Process 5897 attached [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] <... rseq resumed>) = 0 [pid 5896] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5896] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5898 attached [pid 5897] set_robust_list(0x7f4380f929a0, 24 [pid 5898] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5896] <... clone3 resumed> => {parent_tid=[5898]}, 88) = 5898 [pid 5898] <... rseq resumed>) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] set_robust_list(0x7f4380f719a0, 24 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5896] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5896] <... futex resumed>) = 0 [pid 5898] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5896] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] memfd_create("syzkaller", 0 [pid 5898] <... open resumed>) = 3 [pid 5897] <... memfd_create resumed>) = 4 [pid 5898] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] <... futex resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5896] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] fallocate(3, 0, 35143, 7 [pid 5896] <... futex resumed>) = 0 [pid 5897] <... mmap resumed>) = 0x7f4378b51000 [pid 5896] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5898] <... fallocate resumed>) = 0 [pid 5898] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5898] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5898] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5896] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... mount resumed>) = 0 [pid 5897] <... write resumed>) = 262144 [pid 5898] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5898] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5898] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5896] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... open resumed>) = 5 [pid 5897] munmap(0x7f4378b51000, 262144 [pid 5898] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... munmap resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5898] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5898] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5896] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5897] <... openat resumed>) = 6 [pid 5898] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] ioctl(6, LOOP_SET_FD, 4 [pid 5896] <... futex resumed>) = 0 [pid 5898] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... ioctl resumed>) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file1", 0777) = 0 [pid 5897] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5897] chdir("./file1") = 0 [pid 5897] ioctl(6, LOOP_CLR_FD) = 0 [pid 5897] close(6) = 0 [pid 5897] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] exit_group(0 [pid 5897] <... futex resumed>) = ? [pid 5898] <... futex resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5896] <... exit_group resumed>) = ? [pid 5898] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./222/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/bus") = 0 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached [pid 5901] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5901 [pid 5901] chdir("./223") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [ 70.235797][ T5897] loop0: detected capacity change from 0 to 512 [ 70.249519][ T5897] EXT4-fs (loop0): 1 orphan inode deleted [ 70.255276][ T5897] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5901] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5902 attached => {parent_tid=[5902]}, 88) = 5902 [pid 5902] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] set_robust_list(0x7f4380f929a0, 24 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] <... futex resumed>) = 0 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] memfd_create("syzkaller", 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5901] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5902] <... memfd_create resumed>) = 3 [pid 5901] <... mprotect resumed>) = 0 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5903]}, 88) = 5903 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5901] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5901] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5903] set_robust_list(0x7f4380f719a0, 24 [pid 5901] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... set_robust_list resumed>) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5903] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5903] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5903] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] fallocate(4, 0, 35143, 7 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... write resumed>) = 262144 [pid 5902] munmap(0x7f4378b51000, 262144 [pid 5903] <... fallocate resumed>) = 0 [pid 5903] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5903] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5903] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5902] <... munmap resumed>) = 0 [pid 5901] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] <... mount resumed>) = 0 [pid 5903] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... openat resumed>) = 5 [pid 5901] <... futex resumed>) = 0 [pid 5903] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] ioctl(5, LOOP_SET_FD, 3 [pid 5901] <... futex resumed>) = 0 [pid 5903] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5901] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... open resumed>) = 6 [pid 5903] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5901] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5902] <... ioctl resumed>) = 0 [pid 5902] close(3) = 0 [pid 5902] mkdir("./file1", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5903] <... write resumed>) = -1 EIO (Input/output error) [pid 5903] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5902] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5902] ioctl(5, LOOP_CLR_FD) = 0 [pid 5902] close(5) = 0 [pid 5902] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5902] <... futex resumed>) = ? [pid 5901] <... exit_group resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./223/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/bus") = 0 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5904 ./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5904] chdir("./224") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 70.334829][ T5902] loop0: detected capacity change from 0 to 512 [ 70.339340][ T5903] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 70.350994][ T5903] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 70.362041][ T5902] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5904] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] <... rseq resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] set_robust_list(0x7f4380f929a0, 24 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] memfd_create("syzkaller", 0 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] <... memfd_create resumed>) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5904] <... mmap resumed>) = 0x7f4378b51000 [pid 5904] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5906 attached => {parent_tid=[5906]}, 88) = 5906 [pid 5906] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5905] <... write resumed>) = 262144 [pid 5906] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5906] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] munmap(0x7f4378b72000, 262144) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] close(3 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] <... close resumed>) = 0 [pid 5904] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] mkdir("./file1", 0777 [pid 5904] <... futex resumed>) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5906] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5905] <... mkdir resumed>) = 0 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5905] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5904] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 1 [pid 5906] fallocate(3, 0, 35143, 7) = 0 [pid 5906] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5906] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5906] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5906] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5906] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5904] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... write resumed>) = 262144 [pid 5906] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = 0 [pid 5905] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5905] ioctl(4, LOOP_CLR_FD) = 0 [pid 5905] close(4) = 0 [pid 5905] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0 [pid 5906] <... futex resumed>) = ? [pid 5905] <... futex resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5904] <... exit_group resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./224/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/bus") = 0 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x555556e0f690) = 5907 [pid 5907] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5907] chdir("./225") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [ 70.424345][ T5905] loop0: detected capacity change from 0 to 512 [ 70.447397][ T5905] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5907] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5908]}, 88) = 5908 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5907] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5907] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5908 attached [pid 5908] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 5909 attached ) = 0 [pid 5909] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5908] set_robust_list(0x7f4380f929a0, 24 [pid 5909] <... rseq resumed>) = 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5909] set_robust_list(0x7f4380f719a0, 24 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] memfd_create("syzkaller", 0 [pid 5907] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5908] <... memfd_create resumed>) = 4 [pid 5909] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... mmap resumed>) = 0x7f4378b51000 [pid 5909] fallocate(3, 0, 35143, 7 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5909] <... fallocate resumed>) = 0 [pid 5908] <... write resumed>) = 262144 [pid 5908] munmap(0x7f4378b51000, 262144 [pid 5909] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... munmap resumed>) = 0 [pid 5907] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... mount resumed>) = 0 [pid 5908] <... openat resumed>) = 5 [pid 5909] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] ioctl(5, LOOP_SET_FD, 4 [pid 5909] <... futex resumed>) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5908] <... ioctl resumed>) = 0 [pid 5908] close(4) = 0 [pid 5908] mkdir("./file1", 0777 [pid 5909] <... open resumed>) = 4 [pid 5909] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... mkdir resumed>) = 0 [pid 5908] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5909] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5909] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5909] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5908] ioctl(5, LOOP_CLR_FD) = 0 [pid 5908] close(5) = 0 [pid 5908] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] exit_group(0 [pid 5909] <... futex resumed>) = ? [pid 5909] +++ exited with 0 +++ [pid 5908] <... futex resumed>) = ? [pid 5907] <... exit_group resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./225/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/bus") = 0 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5910 ./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5910] chdir("./226") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5910] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5911 attached => {parent_tid=[5911]}, 88) = 5911 [pid 5911] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5911] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [ 70.519789][ T5908] loop0: detected capacity change from 0 to 512 [ 70.529664][ T5908] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 70.539803][ T5908] EXT4-fs (loop0): group descriptors corrupted! [pid 5910] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5910] <... futex resumed>) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5910] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5912 attached [pid 5911] <... write resumed>) = 262144 [pid 5910] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5911] munmap(0x7f4378b72000, 262144 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... munmap resumed>) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5910] <... futex resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5911] ioctl(5, LOOP_SET_FD, 3 [pid 5910] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... ioctl resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5912] fallocate(4, 0, 35143, 7 [pid 5910] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] close(3) = 0 [pid 5911] mkdir("./file1", 0777) = 0 [pid 5911] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5912] <... fallocate resumed>) = 0 [pid 5912] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5910] <... futex resumed>) = 0 [pid 5912] <... mount resumed>) = 0 [pid 5910] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5912] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5910] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... open resumed>) = 3 [pid 5912] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5912] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5910] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... write resumed>) = 262144 [pid 5912] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5911] ioctl(5, LOOP_CLR_FD) = 0 [pid 5911] close(5) = 0 [pid 5911] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0 [pid 5912] <... futex resumed>) = ? [pid 5911] <... futex resumed>) = ? [pid 5910] <... exit_group resumed>) = ? [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./226/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/bus") = 0 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x555556e0f690) = 5913 [pid 5913] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5913] chdir("./227") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5913] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5913] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5914]}, 88) = 5914 ./strace-static-x86_64: Process 5914 attached [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5914] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5913] <... mmap resumed>) = 0x7f4380f51000 [pid 5914] <... rseq resumed>) = 0 [pid 5914] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] <... mprotect resumed>) = 0 [pid 5914] memfd_create("syzkaller", 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5913] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5914] <... memfd_create resumed>) = 3 [pid 5915] <... rseq resumed>) = 0 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] set_robust_list(0x7f4380f719a0, 24 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] <... set_robust_list resumed>) = 0 [pid 5913] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] <... mmap resumed>) = 0x7f4378b51000 [pid 5913] <... futex resumed>) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 70.608562][ T5911] loop0: detected capacity change from 0 to 512 [ 70.628189][ T5911] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5915] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5915] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5913] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] fallocate(4, 0, 35143, 7 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5914] munmap(0x7f4378b51000, 262144) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5915] <... fallocate resumed>) = 0 [pid 5915] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... openat resumed>) = 5 [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] ioctl(5, LOOP_SET_FD, 3 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5913] <... futex resumed>) = 1 [pid 5915] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5915] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... ioctl resumed>) = 0 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] close(3 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] <... close resumed>) = 0 [pid 5913] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] mkdir("./file1", 0777 [pid 5913] <... futex resumed>) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5913] <... futex resumed>) = 0 [pid 5914] <... mkdir resumed>) = 0 [pid 5913] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5915] <... write resumed>) = 262144 [pid 5915] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5914] ioctl(5, LOOP_CLR_FD) = 0 [pid 5914] close(5) = 0 [pid 5914] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] exit_group(0) = ? [pid 5915] <... futex resumed>) = ? [pid 5914] <... futex resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./227/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/bus") = 0 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached , child_tidptr=0x555556e0f690) = 5916 [pid 5916] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5916] chdir("./228") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5916] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5916] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5917]}, 88) = 5917 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5916] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5917 attached ) = 0 [pid 5916] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5916] <... futex resumed>) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5916] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] <... rseq resumed>) = 0 [ 70.692618][ T5914] loop0: detected capacity change from 0 to 512 [ 70.708826][ T5914] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5917] set_robust_list(0x7f4380f929a0, 24 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5917] <... set_robust_list resumed>) = 0 [pid 5916] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5918 attached [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5918] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5917] <... mmap resumed>) = 0x7f4378b51000 [pid 5916] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] <... rseq resumed>) = 0 [pid 5918] set_robust_list(0x7f4380f719a0, 24 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... set_robust_list resumed>) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... open resumed>) = 4 [pid 5918] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5918] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5918] fallocate(4, 0, 35143, 7 [pid 5916] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... write resumed>) = 262144 [pid 5917] munmap(0x7f4378b51000, 262144) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5918] <... fallocate resumed>) = 0 [pid 5917] ioctl(5, LOOP_SET_FD, 3 [pid 5918] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5918] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5918] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5916] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... mount resumed>) = 0 [pid 5917] <... ioctl resumed>) = 0 [pid 5917] close(3) = 0 [pid 5917] mkdir("./file1", 0777 [pid 5918] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5918] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5918] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5916] <... futex resumed>) = 1 [pid 5918] <... open resumed>) = 3 [pid 5917] <... mkdir resumed>) = 0 [pid 5917] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5916] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5918] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5916] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... write resumed>) = 262144 [pid 5918] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5918] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] <... mount resumed>) = 0 [pid 5917] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5917] chdir("./file1") = 0 [pid 5917] ioctl(5, LOOP_CLR_FD) = 0 [pid 5917] close(5) = 0 [pid 5917] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... futex resumed>) = ? [pid 5916] <... exit_group resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5918] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./228/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/bus") = 0 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 [ 70.763438][ T5917] loop0: detected capacity change from 0 to 512 [ 70.790134][ T5917] EXT4-fs (loop0): 1 orphan inode deleted [ 70.795886][ T5917] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/228/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./228/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5921] chdir("./229") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5921] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5922 attached [pid 5922] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5921] <... clone3 resumed> => {parent_tid=[5922]}, 88) = 5922 [pid 5922] set_robust_list(0x7f4380f929a0, 24 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... set_robust_list resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5922] memfd_create("syzkaller", 0 [pid 5921] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5922] <... memfd_create resumed>) = 3 [pid 5921] <... mmap resumed>) = 0x7f4380f51000 [pid 5921] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5923] set_robust_list(0x7f4380f719a0, 24 [pid 5921] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5921] <... futex resumed>) = 0 [pid 5923] <... open resumed>) = 4 [pid 5921] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... write resumed>) = 262144 [pid 5923] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] fallocate(4, 0, 35143, 7 [pid 5922] munmap(0x7f4378b51000, 262144) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5922] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] mkdir("./file1", 0777 [pid 5923] <... fallocate resumed>) = 0 [pid 5922] <... mkdir resumed>) = 0 [pid 5923] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5921] <... futex resumed>) = 0 [pid 5923] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5923] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5921] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... mount resumed>) = 0 [pid 5923] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5923] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5923] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5923] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5923] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] <... futex resumed>) = 0 [pid 5922] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5922] ioctl(5, LOOP_CLR_FD) = 0 [pid 5922] close(5) = 0 [pid 5922] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] exit_group(0 [pid 5923] <... futex resumed>) = ? [pid 5921] <... exit_group resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5922] <... futex resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./229/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/bus") = 0 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 70.877552][ T5922] loop0: detected capacity change from 0 to 512 [ 70.890915][ T5922] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 70.917202][ T5922] EXT4-fs (loop0): group descriptors corrupted! clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5924 ./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5924] chdir("./230") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5924] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5925 attached [pid 5925] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5924] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] <... rseq resumed>) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5925] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5925] memfd_create("syzkaller", 0 [pid 5924] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... memfd_create resumed>) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5924] <... futex resumed>) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5925] <... mmap resumed>) = 0x7f4378b72000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5924] <... mmap resumed>) = 0x7f4378b51000 [pid 5924] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5926 attached => {parent_tid=[5926]}, 88) = 5926 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5924] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5924] <... futex resumed>) = 0 [pid 5926] <... rseq resumed>) = 0 [pid 5926] set_robust_list(0x7f4378b719a0, 24 [pid 5924] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... set_robust_list resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5925] <... write resumed>) = 262144 [pid 5926] <... open resumed>) = 4 [pid 5926] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5926] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] munmap(0x7f4378b72000, 262144 [pid 5924] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] fallocate(4, 0, 35143, 7 [pid 5925] <... munmap resumed>) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5925] ioctl(5, LOOP_SET_FD, 3 [pid 5926] <... fallocate resumed>) = 0 [pid 5926] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... ioctl resumed>) = 0 [pid 5924] <... futex resumed>) = 0 [pid 5926] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] close(3 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5925] <... close resumed>) = 0 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] mkdir("./file1", 0777 [pid 5926] <... mount resumed>) = 0 [pid 5925] <... mkdir resumed>) = 0 [pid 5926] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5924] <... futex resumed>) = 0 [pid 5926] <... open resumed>) = 3 [pid 5925] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5924] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5926] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5926] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5924] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... write resumed>) = 262144 [pid 5926] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5926] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5925] ioctl(5, LOOP_CLR_FD) = 0 [pid 5925] close(5) = 0 [pid 5925] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] exit_group(0 [pid 5926] <... futex resumed>) = ? [pid 5924] <... exit_group resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5925] <... futex resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./230/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/bus") = 0 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 umount2("./230/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5927 ./strace-static-x86_64: Process 5927 attached [pid 5927] set_robust_list(0x555556e0f6a0, 24) = 0 [ 70.989303][ T5925] loop0: detected capacity change from 0 to 512 [ 71.006366][ T5925] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 71.016845][ T5925] EXT4-fs (loop0): group descriptors corrupted! [pid 5927] chdir("./231") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5927] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5927] <... clone3 resumed> => {parent_tid=[5928]}, 88) = 5928 [pid 5928] <... rseq resumed>) = 0 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5927] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5928] set_robust_list(0x7f4380f929a0, 24 [pid 5927] <... mprotect resumed>) = 0 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5929 attached [pid 5928] memfd_create("syzkaller", 0 [pid 5927] <... clone3 resumed> => {parent_tid=[5929]}, 88) = 5929 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5929] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5928] <... memfd_create resumed>) = 3 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5928] <... mmap resumed>) = 0x7f4378b51000 [pid 5929] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5929] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] <... futex resumed>) = 0 [pid 5929] fallocate(4, 0, 35143, 7 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5928] munmap(0x7f4378b51000, 262144) = 0 [pid 5929] <... fallocate resumed>) = 0 [pid 5929] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... openat resumed>) = 5 [pid 5927] <... futex resumed>) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5928] ioctl(5, LOOP_SET_FD, 3 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... mount resumed>) = 0 [pid 5929] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... ioctl resumed>) = 0 [pid 5927] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5929] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5928] close(3 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... open resumed>) = 6 [pid 5928] <... close resumed>) = 0 [pid 5929] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] mkdir("./file1", 0777 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5929] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5927] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... mkdir resumed>) = 0 [pid 5928] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5929] <... write resumed>) = 262144 [pid 5929] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5929] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5928] ioctl(5, LOOP_CLR_FD) = 0 [pid 5928] close(5) = 0 [pid 5928] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] exit_group(0 [pid 5928] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] <... futex resumed>) = ? [pid 5927] <... exit_group resumed>) = ? [pid 5929] +++ exited with 0 +++ [pid 5928] <... futex resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./231/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/bus") = 0 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x555556e0f690) = 5930 [pid 5930] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5930] chdir("./232") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5930] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5930] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5931 attached => {parent_tid=[5931]}, 88) = 5931 [ 71.090796][ T5928] loop0: detected capacity change from 0 to 512 [ 71.107460][ T5928] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5931] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] memfd_create("syzkaller", 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... memfd_create resumed>) = 3 [pid 5930] <... futex resumed>) = 0 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5931] <... mmap resumed>) = 0x7f4378b72000 [pid 5930] <... mmap resumed>) = 0x7f4378b51000 [pid 5930] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5932]}, 88) = 5932 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5932 attached [pid 5931] <... write resumed>) = 262144 [pid 5931] munmap(0x7f4378b72000, 262144 [pid 5932] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5931] <... munmap resumed>) = 0 [pid 5932] <... rseq resumed>) = 0 [pid 5932] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5931] <... openat resumed>) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5932] <... open resumed>) = 5 [pid 5931] <... ioctl resumed>) = 0 [pid 5931] close(3) = 0 [pid 5931] mkdir("./file1", 0777 [pid 5932] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5932] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] fallocate(5, 0, 35143, 7 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... mkdir resumed>) = 0 [pid 5931] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5932] <... fallocate resumed>) = 0 [pid 5932] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 1 [pid 5932] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5932] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 1 [pid 5932] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5932] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 1 [pid 5932] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5932] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] <... futex resumed>) = 0 [ 71.162405][ T5931] loop0: detected capacity change from 0 to 512 [ 71.178865][ T5933] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 71.182308][ T5931] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 71.204392][ T5931] EXT4-fs (loop0): get root inode failed [pid 5931] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5931] ioctl(4, LOOP_CLR_FD) = 0 [pid 5931] close(4) = 0 [pid 5931] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] exit_group(0 [pid 5932] <... futex resumed>) = ? [pid 5930] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5931] <... futex resumed>) = ? [pid 5931] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./232/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/bus") = 0 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5935] chdir("./233") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 5935 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5935] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5935] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] <... rseq resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] set_robust_list(0x7f4380f929a0, 24 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.210611][ T5931] EXT4-fs (loop0): mount failed [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5936] <... memfd_create resumed>) = 3 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5937 attached ) = 0x7f4378b51000 [pid 5937] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5935] <... clone3 resumed> => {parent_tid=[5937]}, 88) = 5937 [pid 5937] <... rseq resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] set_robust_list(0x7f4380f719a0, 24 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5935] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... futex resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5937] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5937] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5937] fallocate(4, 0, 35143, 7 [pid 5936] <... write resumed>) = 262144 [pid 5935] <... futex resumed>) = 0 [pid 5936] munmap(0x7f4378b51000, 262144 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... munmap resumed>) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5936] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] mkdir("./file1", 0777) = 0 [pid 5937] <... fallocate resumed>) = 0 [pid 5936] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5937] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5937] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5937] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5937] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5935] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... write resumed>) = 262144 [pid 5937] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5937] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5936] ioctl(5, LOOP_CLR_FD) = 0 [pid 5936] close(5) = 0 [pid 5936] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0 [pid 5937] <... futex resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] <... futex resumed>) = ? [pid 5936] +++ exited with 0 +++ [pid 5935] <... exit_group resumed>) = ? [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./233/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/bus") = 0 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 umount2("./233/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5938 ./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5938] chdir("./234") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5938] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 71.265734][ T5936] loop0: detected capacity change from 0 to 512 [ 71.287025][ T5936] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] <... rseq resumed>) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] set_robust_list(0x7f4380f929a0, 24 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5938] <... futex resumed>) = 0 [pid 5939] memfd_create("syzkaller", 0 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... memfd_create resumed>) = 3 [pid 5938] <... futex resumed>) = 0 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5939] <... mmap resumed>) = 0x7f4378b72000 [pid 5938] <... mmap resumed>) = 0x7f4378b51000 [pid 5938] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 5940 attached [pid 5940] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5938] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] <... rseq resumed>) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] set_robust_list(0x7f4378b719a0, 24 [pid 5939] <... write resumed>) = 262144 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5939] munmap(0x7f4378b72000, 262144 [pid 5938] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... futex resumed>) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5939] <... munmap resumed>) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5940] <... open resumed>) = 4 [pid 5940] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... openat resumed>) = 5 [pid 5938] <... futex resumed>) = 0 [pid 5940] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5940] fallocate(4, 0, 35143, 7 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] ioctl(5, LOOP_SET_FD, 3 [pid 5940] <... fallocate resumed>) = 0 [pid 5940] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5940] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5938] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] <... mount resumed>) = 0 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5938] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5938] <... futex resumed>) = 0 [pid 5940] <... open resumed>) = 6 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5940] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5938] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... ioctl resumed>) = 0 [pid 5939] close(3) = 0 [pid 5939] mkdir("./file1", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... write resumed>) = 262144 [pid 5940] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5940] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5939] ioctl(5, LOOP_CLR_FD) = 0 [pid 5939] close(5) = 0 [pid 5939] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] exit_group(0 [pid 5940] <... futex resumed>) = ? [pid 5939] <... futex resumed>) = ? [pid 5938] <... exit_group resumed>) = ? [pid 5939] +++ exited with 0 +++ [pid 5940] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./234/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/bus") = 0 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 umount2("./234/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x555556e0f690) = 5941 [pid 5941] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5941] chdir("./235") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [ 71.362977][ T5939] loop0: detected capacity change from 0 to 512 [ 71.381621][ T5939] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5941] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5942]}, 88) = 5942 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5941] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5942] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] <... mprotect resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] <... memfd_create resumed>) = 3 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 ./strace-static-x86_64: Process 5943 attached [pid 5941] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5943] <... rseq resumed>) = 0 [pid 5943] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5942] <... write resumed>) = 262144 [pid 5942] munmap(0x7f4378b51000, 262144) = 0 [pid 5943] <... open resumed>) = 4 [pid 5943] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5943] <... futex resumed>) = 1 [pid 5943] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... openat resumed>) = 5 [pid 5942] ioctl(5, LOOP_SET_FD, 3 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 0 [pid 5943] fallocate(4, 0, 35143, 7 [pid 5942] <... ioctl resumed>) = 0 [pid 5942] close(3) = 0 [pid 5942] mkdir("./file1", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5943] <... fallocate resumed>) = 0 [pid 5943] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5941] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... mount resumed>) = 0 [pid 5943] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5943] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5941] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] <... open resumed>) = 3 [pid 5941] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... write resumed>) = 262144 [pid 5943] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5943] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... mount resumed>) = 0 [pid 5942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5942] chdir("./file1") = 0 [pid 5942] ioctl(5, LOOP_CLR_FD) = 0 [pid 5942] close(5) = 0 [pid 5942] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] exit_group(0) = ? [pid 5942] <... futex resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./235/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/bus") = 0 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 umount2("./235/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5946 ./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5946] chdir("./236") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5946] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5947 attached [pid 5947] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5946] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5947] <... rseq resumed>) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5947] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5947] <... mmap resumed>) = 0x7f4378b72000 [pid 5946] <... mmap resumed>) = 0x7f4378b51000 [pid 5946] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [ 71.437872][ T5942] loop0: detected capacity change from 0 to 512 [ 71.460712][ T5942] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/235/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5946] <... clone3 resumed> => {parent_tid=[5948]}, 88) = 5948 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5948 attached [pid 5947] <... write resumed>) = 262144 [pid 5948] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 5948] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5947] munmap(0x7f4378b72000, 262144 [pid 5948] <... open resumed>) = 4 [pid 5948] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] fallocate(4, 0, 35143, 7 [pid 5947] <... munmap resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5947] ioctl(5, LOOP_SET_FD, 3 [pid 5948] <... fallocate resumed>) = 0 [pid 5948] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... mount resumed>) = 0 [pid 5948] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... open resumed>) = 6 [pid 5948] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5948] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... ioctl resumed>) = 0 [pid 5947] close(3) = 0 [pid 5947] mkdir("./file1", 0777) = 0 [pid 5947] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5948] <... write resumed>) = -1 EIO (Input/output error) [pid 5948] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5948] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5947] ioctl(5, LOOP_CLR_FD) = 0 [pid 5947] close(5) = 0 [pid 5947] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] exit_group(0 [pid 5948] <... futex resumed>) = ? [pid 5947] <... futex resumed>) = ? [pid 5948] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ [pid 5946] <... exit_group resumed>) = ? [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./236/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/bus") = 0 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x555556e0f690) = 5949 [pid 5949] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5949] chdir("./237") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [ 71.526099][ T5947] loop0: detected capacity change from 0 to 512 [ 71.538137][ T5948] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 71.547860][ T5948] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 71.559792][ T5947] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5949] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5949] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5950 attached [pid 5950] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5949] <... clone3 resumed> => {parent_tid=[5950]}, 88) = 5950 [pid 5950] <... rseq resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] set_robust_list(0x7f4380f929a0, 24 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5949] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] <... futex resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] memfd_create("syzkaller", 0 [pid 5949] <... futex resumed>) = 0 [pid 5949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5950] <... memfd_create resumed>) = 3 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5949] <... mmap resumed>) = 0x7f4380f51000 [pid 5949] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5949] <... mprotect resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5949] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] <... rseq resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] set_robust_list(0x7f4380f719a0, 24 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5951] fallocate(4, 0, 35143, 7 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... write resumed>) = 262144 [pid 5950] munmap(0x7f4378b51000, 262144) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5950] ioctl(5, LOOP_SET_FD, 3 [pid 5951] <... fallocate resumed>) = 0 [pid 5950] <... ioctl resumed>) = 0 [pid 5951] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] <... futex resumed>) = 0 [pid 5951] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] close(3) = 0 [pid 5950] mkdir("./file1", 0777 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5950] <... mkdir resumed>) = 0 [pid 5950] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5951] <... mount resumed>) = 0 [pid 5951] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... open resumed>) = 3 [pid 5951] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5951] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = 0 [pid 5950] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5950] ioctl(5, LOOP_CLR_FD) = 0 [pid 5950] close(5) = 0 [pid 5950] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] exit_group(0 [pid 5950] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5949] <... exit_group resumed>) = ? [pid 5951] <... futex resumed>) = ? [pid 5951] +++ exited with 0 +++ [pid 5950] +++ exited with 0 +++ [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./237/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/bus") = 0 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5952 attached , child_tidptr=0x555556e0f690) = 5952 [pid 5952] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5952] chdir("./238") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5952] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [ 71.627275][ T5950] loop0: detected capacity change from 0 to 512 [ 71.638787][ T5950] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 71.649361][ T5950] EXT4-fs (loop0): group descriptors corrupted! [pid 5952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5952] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5953]}, 88) = 5953 ./strace-static-x86_64: Process 5953 attached [pid 5953] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5953] set_robust_list(0x7f4380f929a0, 24 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] <... memfd_create resumed>) = 3 [pid 5952] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] <... mmap resumed>) = 0x7f4378b72000 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 5952] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[5954]}, 88) = 5954 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5954 attached [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5954] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 5952] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... rseq resumed>) = 0 [pid 5954] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] <... write resumed>) = 262144 [pid 5953] munmap(0x7f4378b72000, 262144 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5953] <... munmap resumed>) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5954] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5954] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5954] fallocate(4, 0, 35143, 7 [pid 5952] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... openat resumed>) = 5 [pid 5953] ioctl(5, LOOP_SET_FD, 3 [pid 5954] <... fallocate resumed>) = 0 [pid 5954] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... ioctl resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] close(3 [pid 5952] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... close resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5954] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5953] mkdir("./file1", 0777 [pid 5952] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... mount resumed>) = 0 [pid 5954] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... mkdir resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5952] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5954] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5952] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... open resumed>) = 3 [pid 5954] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5954] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5952] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... write resumed>) = 262144 [pid 5953] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5954] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] ioctl(5, LOOP_CLR_FD [pid 5952] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5953] <... ioctl resumed>) = 0 [pid 5954] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] close(5) = 0 [pid 5953] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] exit_group(0 [pid 5954] <... futex resumed>) = ? [pid 5953] <... futex resumed>) = ? [pid 5952] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./238/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/bus") = 0 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./238/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 71.722482][ T5953] loop0: detected capacity change from 0 to 512 [ 71.733423][ T5953] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5955 ./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5955] chdir("./239") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5955] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5956 attached => {parent_tid=[5956]}, 88) = 5956 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5955] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5955] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5956] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 5957 attached ) = 0 [pid 5957] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5957] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] <... clone3 resumed> => {parent_tid=[5957]}, 88) = 5957 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5955] <... futex resumed>) = 1 [pid 5957] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5956] set_robust_list(0x7f4380f929a0, 24 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... open resumed>) = 3 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5957] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] memfd_create("syzkaller", 0 [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 1 [pid 5956] <... memfd_create resumed>) = 4 [pid 5955] <... futex resumed>) = 0 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5957] fallocate(3, 0, 35143, 7 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... mmap resumed>) = 0x7f4378b51000 [pid 5956] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5956] munmap(0x7f4378b51000, 262144) = 0 [pid 5957] <... fallocate resumed>) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5957] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... openat resumed>) = 5 [pid 5955] <... futex resumed>) = 0 [pid 5957] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5956] ioctl(5, LOOP_SET_FD, 4 [pid 5957] <... mount resumed>) = 0 [pid 5956] <... ioctl resumed>) = 0 [pid 5957] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] close(4 [pid 5957] <... futex resumed>) = 1 [pid 5956] <... close resumed>) = 0 [pid 5955] <... futex resumed>) = 0 [pid 5957] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] mkdir("./file1", 0777 [pid 5955] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... mkdir resumed>) = 0 [pid 5957] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5956] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5957] <... open resumed>) = 4 [pid 5957] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = 0 [pid 5957] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5957] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5957] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5956] ioctl(5, LOOP_CLR_FD) = 0 [pid 5956] close(5) = 0 [pid 5956] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] exit_group(0 [pid 5957] <... futex resumed>) = ? [pid 5956] <... futex resumed>) = ? [pid 5956] +++ exited with 0 +++ [pid 5957] +++ exited with 0 +++ [pid 5955] <... exit_group resumed>) = ? [pid 5955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./239/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/bus") = 0 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 umount2("./239/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached , child_tidptr=0x555556e0f690) = 5958 [pid 5958] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5958] chdir("./240") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [ 71.807315][ T5956] loop0: detected capacity change from 0 to 512 [ 71.819455][ T5956] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5958] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5958] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5959 attached [pid 5959] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5958] <... clone3 resumed> => {parent_tid=[5959]}, 88) = 5959 [pid 5959] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5959] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5958] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5958] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5959] memfd_create("syzkaller", 0 [pid 5958] <... mmap resumed>) = 0x7f4380f51000 [pid 5959] <... memfd_create resumed>) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5958] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5958] <... mprotect resumed>) = 0 [pid 5958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5960 attached [pid 5960] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5958] <... clone3 resumed> => {parent_tid=[5960]}, 88) = 5960 [pid 5960] <... rseq resumed>) = 0 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5958] <... futex resumed>) = 0 [pid 5959] <... write resumed>) = 262144 [pid 5959] munmap(0x7f4378b51000, 262144 [pid 5960] <... open resumed>) = 4 [pid 5959] <... munmap resumed>) = 0 [pid 5958] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] <... futex resumed>) = 0 [pid 5958] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5958] <... futex resumed>) = 0 [pid 5960] fallocate(4, 0, 35143, 7 [pid 5958] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... openat resumed>) = 5 [pid 5959] ioctl(5, LOOP_SET_FD, 3 [pid 5960] <... fallocate resumed>) = 0 [pid 5960] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5960] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5958] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] <... futex resumed>) = 1 [pid 5960] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5958] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... open resumed>) = 6 [pid 5960] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5960] <... futex resumed>) = 1 [pid 5960] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5958] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... ioctl resumed>) = 0 [pid 5958] <... futex resumed>) = 0 [pid 5959] close(3 [pid 5958] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... close resumed>) = 0 [pid 5959] mkdir("./file1", 0777) = 0 [pid 5959] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5960] <... write resumed>) = 262144 [pid 5960] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5960] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5959] ioctl(5, LOOP_CLR_FD) = 0 [pid 5959] close(5) = 0 [pid 5959] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] exit_group(0) = ? [pid 5960] <... futex resumed>) = ? [pid 5960] +++ exited with 0 +++ [pid 5959] <... futex resumed>) = ? [pid 5959] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./240/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/bus") = 0 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 umount2("./240/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5961 attached , child_tidptr=0x555556e0f690) = 5961 [pid 5961] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5961] chdir("./241") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5961] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5962 attached [pid 5962] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5961] <... clone3 resumed> => {parent_tid=[5962]}, 88) = 5962 [pid 5962] <... rseq resumed>) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] set_robust_list(0x7f4380f929a0, 24 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5961] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] <... futex resumed>) = 0 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] memfd_create("syzkaller", 0 [pid 5961] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5962] <... memfd_create resumed>) = 3 [pid 5961] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5961] <... mprotect resumed>) = 0 [pid 5962] <... mmap resumed>) = 0x7f4378b51000 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5961] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[5963]}, 88) = 5963 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5961] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5963] set_robust_list(0x7f4380f719a0, 24 [pid 5962] <... write resumed>) = 262144 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5963] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5962] munmap(0x7f4378b51000, 262144) = 0 [pid 5963] <... open resumed>) = 4 [pid 5963] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5961] <... futex resumed>) = 0 [pid 5963] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] fallocate(4, 0, 35143, 7 [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... openat resumed>) = 5 [ 71.886104][ T5959] loop0: detected capacity change from 0 to 512 [ 71.901218][ T5959] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5962] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] mkdir("./file1", 0777) = 0 [pid 5962] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5963] <... fallocate resumed>) = 0 [pid 5963] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5963] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... mount resumed>) = 0 [pid 5963] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5963] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] <... futex resumed>) = 0 [pid 5963] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5961] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... open resumed>) = 3 [pid 5963] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5963] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5961] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... write resumed>) = 262144 [pid 5963] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... futex resumed>) = 0 [pid 5962] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5962] ioctl(5, LOOP_CLR_FD) = 0 [pid 5962] close(5) = 0 [pid 5962] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] exit_group(0 [pid 5963] <... futex resumed>) = ? [pid 5962] <... futex resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ [pid 5961] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./241/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/bus") = 0 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 umount2("./241/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x555556e0f690) = 5964 [pid 5964] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5964] chdir("./242") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5964] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5964] <... clone3 resumed> => {parent_tid=[5965]}, 88) = 5965 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] <... rseq resumed>) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5965] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] <... mmap resumed>) = 0x7f4380f51000 [pid 5965] memfd_create("syzkaller", 0 [pid 5964] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5965] <... memfd_create resumed>) = 3 [pid 5964] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5965] <... mmap resumed>) = 0x7f4378b51000 ./strace-static-x86_64: Process 5966 attached [pid 5966] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5966] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... clone3 resumed> => {parent_tid=[5966]}, 88) = 5966 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = 1 [pid 5966] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] fallocate(4, 0, 35143, 7 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5966] <... fallocate resumed>) = 0 [pid 5966] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.943573][ T5962] loop0: detected capacity change from 0 to 512 [ 71.959961][ T5962] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5966] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5966] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... futex resumed>) = 1 [pid 5966] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 5966] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... futex resumed>) = 1 [pid 5966] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5966] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5966] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] <... write resumed>) = 262144 [pid 5965] munmap(0x7f4378b51000, 262144) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5965] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] mkdir("./file1", 0777) = 0 [pid 5965] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file1") = 0 [pid 5965] ioctl(6, LOOP_CLR_FD) = 0 [pid 5965] close(6) = 0 [pid 5965] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] exit_group(0 [pid 5966] <... futex resumed>) = ? [pid 5965] <... futex resumed>) = ? [pid 5964] <... exit_group resumed>) = ? [pid 5966] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./242/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/bus") = 0 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 [ 72.034439][ T5965] loop0: detected capacity change from 0 to 512 [ 72.058316][ T5965] EXT4-fs (loop0): 1 orphan inode deleted [ 72.064158][ T5965] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/242/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached , child_tidptr=0x555556e0f690) = 5969 [pid 5969] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5969] chdir("./243") = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5969] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5969] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5970 attached => {parent_tid=[5970]}, 88) = 5970 [pid 5970] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... rseq resumed>) = 0 [pid 5969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5969] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] <... futex resumed>) = 0 [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] memfd_create("syzkaller", 0 [pid 5969] <... futex resumed>) = 0 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5970] <... memfd_create resumed>) = 3 [pid 5969] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5969] <... mprotect resumed>) = 0 [pid 5970] <... mmap resumed>) = 0x7f4378b51000 [pid 5969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5971 attached [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5969] <... clone3 resumed> => {parent_tid=[5971]}, 88) = 5971 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5969] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 5971] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5971] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5970] <... write resumed>) = 262144 [pid 5970] munmap(0x7f4378b51000, 262144) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5970] ioctl(5, LOOP_SET_FD, 3 [pid 5971] <... open resumed>) = 4 [pid 5971] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] fallocate(4, 0, 35143, 7 [pid 5970] <... ioctl resumed>) = 0 [pid 5969] <... futex resumed>) = 1 [pid 5970] close(3 [pid 5969] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... close resumed>) = 0 [pid 5970] mkdir("./file1", 0777) = 0 [pid 5970] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5971] <... fallocate resumed>) = 0 [pid 5971] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5971] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5971] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5969] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... mount resumed>) = 0 [pid 5971] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5971] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5969] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... open resumed>) = 3 [pid 5971] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 0 [pid 5969] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5969] <... futex resumed>) = 0 [ 72.135350][ T28] kauditd_printk_skb: 43 callbacks suppressed [ 72.135361][ T28] audit: type=1800 audit(1694162040.269:245): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.137535][ T5970] loop0: detected capacity change from 0 to 512 [pid 5969] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... write resumed>) = 262144 [pid 5971] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5971] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5970] ioctl(5, LOOP_CLR_FD) = 0 [pid 5970] close(5) = 0 [pid 5970] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] exit_group(0 [pid 5971] <... futex resumed>) = ? [pid 5970] <... futex resumed>) = ? [pid 5969] <... exit_group resumed>) = ? [pid 5971] +++ exited with 0 +++ [pid 5970] +++ exited with 0 +++ [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./243/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/bus") = 0 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 umount2("./243/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5974 ./strace-static-x86_64: Process 5974 attached [pid 5974] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5974] chdir("./244") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5974] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5975]}, 88) = 5975 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5974] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5974] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5976 attached => {parent_tid=[5976]}, 88) = 5976 [pid 5976] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5974] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... rseq resumed>) = 0 [pid 5974] <... futex resumed>) = 0 [pid 5976] set_robust_list(0x7f4380f719a0, 24 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5975 attached NULL, 8) = 0 [pid 5975] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5976] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5975] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 72.180956][ T5970] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 72.188733][ T5972] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 72.205594][ T5970] EXT4-fs (loop0): get root inode failed [ 72.211265][ T5970] EXT4-fs (loop0): mount failed [pid 5975] memfd_create("syzkaller", 0 [pid 5976] <... open resumed>) = 3 [pid 5975] <... memfd_create resumed>) = 4 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5975] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5975] munmap(0x7f4378b51000, 262144) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5976] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... openat resumed>) = 5 [pid 5976] <... futex resumed>) = 1 [pid 5976] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5975] ioctl(5, LOOP_SET_FD, 4 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5976] fallocate(3, 0, 35143, 7 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... ioctl resumed>) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./file1", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5976] <... fallocate resumed>) = 0 [pid 5976] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5974] <... futex resumed>) = 0 [pid 5976] <... mount resumed>) = 0 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5976] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 5976] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5976] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5974] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... write resumed>) = 262144 [pid 5976] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [ 72.263587][ T28] audit: type=1800 audit(1694162040.399:246): pid=5976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.280183][ T5975] loop0: detected capacity change from 0 to 512 [pid 5976] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5975] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5975] ioctl(5, LOOP_CLR_FD) = 0 [pid 5975] close(5) = 0 [pid 5975] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] exit_group(0 [pid 5976] <... futex resumed>) = ? [pid 5975] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./244/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/bus") = 0 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 umount2("./244/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x555556e0f690) = 5977 [pid 5977] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5977] chdir("./245") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5977] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5977] <... clone3 resumed> => {parent_tid=[5978]}, 88) = 5978 [pid 5978] <... rseq resumed>) = 0 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] set_robust_list(0x7f4380f929a0, 24 [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] <... set_robust_list resumed>) = 0 [pid 5977] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] <... futex resumed>) = 0 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] memfd_create("syzkaller", 0 [pid 5977] <... futex resumed>) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5978] <... memfd_create resumed>) = 3 [pid 5977] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5977] <... mprotect resumed>) = 0 [pid 5978] <... mmap resumed>) = 0x7f4378b51000 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5979 attached => {parent_tid=[5979]}, 88) = 5979 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5978] <... write resumed>) = 262144 [ 72.307028][ T5975] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5978] munmap(0x7f4378b51000, 262144 [pid 5979] <... rseq resumed>) = 0 [pid 5979] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5979] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5978] <... munmap resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5979] <... open resumed>) = 4 [pid 5978] ioctl(5, LOOP_SET_FD, 3 [pid 5979] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] fallocate(4, 0, 35143, 7 [pid 5978] <... ioctl resumed>) = 0 [pid 5978] close(3) = 0 [pid 5978] mkdir("./file1", 0777 [pid 5979] <... fallocate resumed>) = 0 [pid 5979] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5979] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 1 [pid 5979] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5977] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... mount resumed>) = 0 [pid 5979] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5979] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] <... futex resumed>) = 0 [pid 5979] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5977] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... open resumed>) = 3 [pid 5979] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5979] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] <... futex resumed>) = 0 [pid 5979] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5977] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... mkdir resumed>) = 0 [pid 5978] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5979] <... write resumed>) = 262144 [pid 5979] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [ 72.366863][ T28] audit: type=1800 audit(1694162040.499:247): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.371686][ T5978] loop0: detected capacity change from 0 to 512 [pid 5979] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5978] ioctl(5, LOOP_CLR_FD) = 0 [pid 5978] close(5) = 0 [pid 5978] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] exit_group(0 [pid 5978] <... futex resumed>) = ? [pid 5977] <... exit_group resumed>) = ? [pid 5979] <... futex resumed>) = ? [pid 5978] +++ exited with 0 +++ [pid 5979] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./245/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/bus") = 0 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 umount2("./245/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5980 attached , child_tidptr=0x555556e0f690) = 5980 [pid 5980] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5980] chdir("./246") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5980] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5981]}, 88) = 5981 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5981 attached ) = 0 [pid 5980] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5980] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5981] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5980] <... mprotect resumed>) = 0 [pid 5981] <... rseq resumed>) = 0 [pid 5981] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5982 attached [pid 5982] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5980] <... clone3 resumed> => {parent_tid=[5982]}, 88) = 5982 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... rseq resumed>) = 0 [pid 5982] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 72.416131][ T5978] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5982] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5982] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] fallocate(4, 0, 35143, 7 [pid 5981] <... write resumed>) = 262144 [pid 5981] munmap(0x7f4378b51000, 262144) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5981] ioctl(5, LOOP_SET_FD, 3 [pid 5982] <... fallocate resumed>) = 0 [pid 5981] <... ioctl resumed>) = 0 [pid 5982] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] close(3 [pid 5980] <... futex resumed>) = 0 [pid 5982] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5982] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5980] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... mount resumed>) = 0 [pid 5981] <... close resumed>) = 0 [pid 5982] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5982] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5982] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5980] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... open resumed>) = 3 [pid 5982] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5982] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5982] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5980] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] mkdir("./file1", 0777) = 0 [pid 5981] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5982] <... write resumed>) = 262144 [pid 5982] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5982] <... futex resumed>) = 1 [pid 5982] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5981] ioctl(5, LOOP_CLR_FD) = 0 [pid 5981] close(5) = 0 [pid 5981] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] exit_group(0 [pid 5982] <... futex resumed>) = ? [pid 5981] <... futex resumed>) = ? [pid 5982] +++ exited with 0 +++ [pid 5981] +++ exited with 0 +++ [pid 5980] <... exit_group resumed>) = ? [pid 5980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./246/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/bus") = 0 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached , child_tidptr=0x555556e0f690) = 5983 [pid 5983] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5983] chdir("./247") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [ 72.461826][ T28] audit: type=1800 audit(1694162040.599:248): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.483517][ T5981] loop0: detected capacity change from 0 to 512 [ 72.500314][ T5981] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5983] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5983] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5984 attached [pid 5984] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5983] <... clone3 resumed> => {parent_tid=[5984]}, 88) = 5984 [pid 5984] set_robust_list(0x7f4380f929a0, 24 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... set_robust_list resumed>) = 0 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5983] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] memfd_create("syzkaller", 0 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5984] <... memfd_create resumed>) = 3 [pid 5983] <... mmap resumed>) = 0x7f4380f51000 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5983] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5983] <... mprotect resumed>) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5985 attached => {parent_tid=[5985]}, 88) = 5985 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... write resumed>) = 262144 [pid 5984] munmap(0x7f4378b51000, 262144) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5985] <... rseq resumed>) = 0 [pid 5985] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... ioctl resumed>) = 0 [pid 5984] close(3) = 0 [pid 5984] mkdir("./file1", 0777 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5984] <... mkdir resumed>) = 0 [pid 5984] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5985] <... open resumed>) = 3 [pid 5985] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] fallocate(3, 0, 35143, 7) = 0 [pid 5985] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... mount resumed>) = 0 [pid 5985] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5983] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5983] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... open resumed>) = 5 [pid 5985] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5985] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.549973][ T5984] loop0: detected capacity change from 0 to 512 [ 72.559428][ T28] audit: type=1800 audit(1694162040.699:249): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1931 res=0 errno=0 [pid 5985] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5985] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5985] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5984] ioctl(4, LOOP_CLR_FD) = 0 [pid 5984] close(4) = 0 [pid 5984] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] exit_group(0 [pid 5985] <... futex resumed>) = ? [pid 5984] <... futex resumed>) = ? [pid 5983] <... exit_group resumed>) = ? [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ [pid 5983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./247/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/bus") = 0 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5988 [ 72.591977][ T5984] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 72.606378][ T5984] EXT4-fs (loop0): get root inode failed [ 72.612319][ T5984] EXT4-fs (loop0): mount failed ./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5988] chdir("./248") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5988] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[5989]}, 88) = 5989 ./strace-static-x86_64: Process 5989 attached [pid 5988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5988] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] <... rseq resumed>) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5989] set_robust_list(0x7f4380f929a0, 24 [pid 5988] <... mmap resumed>) = 0x7f4380f51000 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] <... mprotect resumed>) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5990 attached [pid 5989] memfd_create("syzkaller", 0 [pid 5990] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5988] <... clone3 resumed> => {parent_tid=[5990]}, 88) = 5990 [pid 5990] <... rseq resumed>) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] set_robust_list(0x7f4380f719a0, 24 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5990] <... set_robust_list resumed>) = 0 [pid 5988] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] <... futex resumed>) = 0 [pid 5990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5989] <... memfd_create resumed>) = 3 [pid 5990] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5990] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] <... futex resumed>) = 0 [pid 5990] fallocate(4, 0, 35143, 7 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5989] munmap(0x7f4378b51000, 262144) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5989] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] mkdir("./file1", 0777) = 0 [pid 5989] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5990] <... fallocate resumed>) = 0 [pid 5990] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5990] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5988] <... futex resumed>) = 1 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5990] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 1 [pid 5990] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 5990] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 1 [pid 5990] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5990] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [ 72.674631][ T28] audit: type=1800 audit(1694162040.809:250): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.682982][ T5989] loop0: detected capacity change from 0 to 512 [pid 5990] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5989] ioctl(5, LOOP_CLR_FD) = 0 [pid 5989] close(5) = 0 [pid 5989] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] exit_group(0) = ? [pid 5990] <... futex resumed>) = ? [pid 5990] +++ exited with 0 +++ [pid 5989] <... futex resumed>) = ? [pid 5989] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./248/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/bus") = 0 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5991 attached , child_tidptr=0x555556e0f690) = 5991 [pid 5991] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5991] chdir("./249") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5991] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5991] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5992 attached => {parent_tid=[5992]}, 88) = 5992 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5991] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5992] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 5992] set_robust_list(0x7f4380f929a0, 24 [pid 5991] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 5992] <... set_robust_list resumed>) = 0 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5991] <... mprotect resumed>) = 0 [pid 5992] memfd_create("syzkaller", 0 [pid 5991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 5992] <... memfd_create resumed>) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5993 attached [pid 5991] <... clone3 resumed> => {parent_tid=[5993]}, 88) = 5993 [pid 5993] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5992] <... mmap resumed>) = 0x7f4378b51000 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5993] <... rseq resumed>) = 0 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5993] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.717082][ T5989] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 5993] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5993] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] <... futex resumed>) = 1 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] fallocate(4, 0, 35143, 7 [pid 5991] <... futex resumed>) = 1 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5992] munmap(0x7f4378b51000, 262144) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5992] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5992] close(3) = 0 [pid 5992] mkdir("./file1", 0777) = 0 [pid 5992] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5993] <... fallocate resumed>) = 0 [pid 5993] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5993] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5993] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5993] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5991] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... open resumed>) = 3 [pid 5993] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5991] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... write resumed>) = 262144 [pid 5993] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] <... futex resumed>) = 0 [pid 5992] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5992] ioctl(5, LOOP_CLR_FD) = 0 [pid 5992] close(5) = 0 [pid 5992] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] exit_group(0 [pid 5992] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = ? [pid 5992] <... futex resumed>) = ? [pid 5991] <... exit_group resumed>) = ? [pid 5993] +++ exited with 0 +++ [pid 5992] +++ exited with 0 +++ [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./249/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/bus") = 0 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 72.764676][ T28] audit: type=1800 audit(1694162040.899:251): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.773574][ T5992] loop0: detected capacity change from 0 to 512 [ 72.800480][ T5992] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5994 attached , child_tidptr=0x555556e0f690) = 5994 [pid 5994] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5994] chdir("./250") = 0 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5994] setpgid(0, 0) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5994] write(3, "1000", 4) = 4 [pid 5994] close(3) = 0 [pid 5994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5994] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5994] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 5995 attached [pid 5995] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5994] <... clone3 resumed> => {parent_tid=[5995]}, 88) = 5995 [pid 5995] <... rseq resumed>) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] set_robust_list(0x7f4380f929a0, 24 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] <... set_robust_list resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5995] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5994] <... futex resumed>) = 1 [pid 5995] memfd_create("syzkaller", 0 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5995] <... memfd_create resumed>) = 3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... mmap resumed>) = 0x7f4380f51000 [pid 5995] <... mmap resumed>) = 0x7f4378b51000 [pid 5994] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 5996 attached => {parent_tid=[5996]}, 88) = 5996 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5996] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] <... rseq resumed>) = 0 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] set_robust_list(0x7f4380f719a0, 24 [pid 5994] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5994] <... futex resumed>) = 0 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5996] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... futex resumed>) = 1 [pid 5996] fallocate(4, 0, 35143, 7 [pid 5995] <... write resumed>) = 262144 [pid 5995] munmap(0x7f4378b51000, 262144) = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5995] ioctl(5, LOOP_SET_FD, 3 [pid 5996] <... fallocate resumed>) = 0 [pid 5996] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... ioctl resumed>) = 0 [pid 5994] <... futex resumed>) = 1 [pid 5996] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5995] close(3 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... mount resumed>) = 0 [pid 5995] <... close resumed>) = 0 [pid 5995] mkdir("./file1", 0777 [pid 5996] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5996] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5994] <... futex resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5995] <... mkdir resumed>) = 0 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5996] <... open resumed>) = 3 [pid 5996] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.872736][ T28] audit: type=1800 audit(1694162041.009:252): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.877326][ T5995] loop0: detected capacity change from 0 to 512 [ 72.908315][ T5997] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 5996] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5996] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] <... futex resumed>) = 0 [pid 5995] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5995] ioctl(5, LOOP_CLR_FD) = 0 [pid 5995] close(5) = 0 [pid 5995] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] exit_group(0 [pid 5996] <... futex resumed>) = ? [pid 5996] +++ exited with 0 +++ [pid 5994] <... exit_group resumed>) = ? [pid 5995] <... futex resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./250/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/bus") = 0 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 umount2("./250/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 72.919385][ T5995] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 72.933630][ T5995] EXT4-fs (loop0): get root inode failed [ 72.939598][ T5995] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 5999 ./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 5999] chdir("./251") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 5999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 5999] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6000 attached => {parent_tid=[6000]}, 88) = 6000 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5999] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 5999] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6000] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 5999] <... mprotect resumed>) = 0 [pid 6000] <... rseq resumed>) = 0 [pid 6000] set_robust_list(0x7f4380f929a0, 24 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6000] <... set_robust_list resumed>) = 0 [pid 5999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6001 attached [pid 6001] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6000] memfd_create("syzkaller", 0 [pid 6001] <... rseq resumed>) = 0 [pid 5999] <... clone3 resumed> => {parent_tid=[6001]}, 88) = 6001 [pid 6001] set_robust_list(0x7f4380f719a0, 24 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6001] <... set_robust_list resumed>) = 0 [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6001] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... memfd_create resumed>) = 4 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6001] <... open resumed>) = 3 [pid 6000] <... mmap resumed>) = 0x7f4378b51000 [pid 6001] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 1 [pid 6001] fallocate(3, 0, 35143, 7 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6000] munmap(0x7f4378b51000, 262144) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6000] ioctl(5, LOOP_SET_FD, 4 [pid 6001] <... fallocate resumed>) = 0 [pid 6000] <... ioctl resumed>) = 0 [pid 6001] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] close(4 [pid 6001] <... futex resumed>) = 1 [pid 6000] <... close resumed>) = 0 [pid 5999] <... futex resumed>) = 0 [pid 6001] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] mkdir("./file1", 0777 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6000] <... mkdir resumed>) = 0 [pid 6001] <... mount resumed>) = 0 [pid 6000] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6001] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 0 [pid 5999] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6001] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] <... futex resumed>) = 0 [pid 6001] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 5999] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6001] <... open resumed>) = 4 [pid 6001] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6001] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 6001] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5999] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6001] <... write resumed>) = 262144 [pid 6001] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [ 72.998512][ T28] audit: type=1800 audit(1694162041.139:253): pid=6001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 73.005710][ T6000] loop0: detected capacity change from 0 to 512 [ 73.031218][ T6000] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [pid 6001] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6000] ioctl(5, LOOP_CLR_FD) = 0 [pid 6000] close(5) = 0 [pid 6000] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] exit_group(0 [pid 6001] <... futex resumed>) = ? [pid 5999] <... exit_group resumed>) = ? [pid 6001] +++ exited with 0 +++ [pid 6000] <... futex resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./251/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/bus") = 0 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 umount2("./251/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached [pid 6003] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6003] chdir("./252") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6003 [pid 6003] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6003] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6004 attached => {parent_tid=[6004]}, 88) = 6004 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6003] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6004] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6003] <... mmap resumed>) = 0x7f4380f51000 [pid 6003] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6005 attached [pid 6004] <... rseq resumed>) = 0 [ 73.045381][ T6000] EXT4-fs (loop0): get root inode failed [ 73.051220][ T6000] EXT4-fs (loop0): mount failed [pid 6005] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6004] set_robust_list(0x7f4380f929a0, 24 [pid 6005] set_robust_list(0x7f4380f719a0, 24 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6003] <... futex resumed>) = 0 [pid 6005] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... open resumed>) = 3 [pid 6005] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] memfd_create("syzkaller", 0) = 4 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6004] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6005] <... futex resumed>) = 1 [pid 6004] <... write resumed>) = 262144 [pid 6005] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] munmap(0x7f4378b51000, 262144) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6004] ioctl(5, LOOP_SET_FD, 4 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] fallocate(3, 0, 35143, 7 [pid 6004] <... ioctl resumed>) = 0 [pid 6004] close(4) = 0 [pid 6004] mkdir("./file1", 0777) = 0 [pid 6004] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6005] <... fallocate resumed>) = 0 [pid 6005] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6005] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... mount resumed>) = 0 [pid 6005] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6005] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 4 [pid 6005] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6005] write(4, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6003] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... write resumed>) = 262144 [pid 6005] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6005] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6004] ioctl(5, LOOP_CLR_FD) = 0 [pid 6004] close(5) = 0 [pid 6004] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] exit_group(0 [pid 6004] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] <... exit_group resumed>) = ? [pid 6005] <... futex resumed>) = ? [pid 6005] +++ exited with 0 +++ [pid 6004] <... futex resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./252/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/bus") = 0 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 73.103883][ T28] audit: type=1800 audit(1694162041.239:254): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor369" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 73.120528][ T6004] loop0: detected capacity change from 0 to 512 [ 73.139419][ T6004] EXT4-fs (loop0): failed to initialize system zone (-117) [ 73.148100][ T6004] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6008 ./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6008] chdir("./253") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6008] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6009]}, 88) = 6009 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6009 attached NULL, 8) = 0 [pid 6009] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6008] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6009] memfd_create("syzkaller", 0 [pid 6008] <... mmap resumed>) = 0x7f4380f51000 [pid 6009] <... memfd_create resumed>) = 3 [pid 6008] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6008] <... mprotect resumed>) = 0 [pid 6009] <... mmap resumed>) = 0x7f4378b51000 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6008] <... clone3 resumed> => {parent_tid=[6010]}, 88) = 6010 [pid 6010] <... rseq resumed>) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... open resumed>) = 4 [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6010] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 1 [pid 6010] fallocate(4, 0, 35143, 7 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... write resumed>) = 262144 [pid 6009] munmap(0x7f4378b51000, 262144 [pid 6010] <... fallocate resumed>) = 0 [pid 6010] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6008] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6008] <... futex resumed>) = 0 [pid 6009] <... munmap resumed>) = 0 [pid 6008] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6010] <... mount resumed>) = 0 [pid 6010] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6010] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] ioctl(5, LOOP_SET_FD, 3 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6010] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6008] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... open resumed>) = 6 [pid 6009] <... ioctl resumed>) = 0 [pid 6009] close(3) = 0 [pid 6009] mkdir("./file1", 0777 [pid 6010] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... mkdir resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6009] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6008] <... futex resumed>) = 0 [pid 6010] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6010] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6008] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... write resumed>) = 262144 [pid 6010] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6010] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6009] ioctl(5, LOOP_CLR_FD) = 0 [pid 6009] close(5) = 0 [pid 6009] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] exit_group(0 [pid 6010] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6010] +++ exited with 0 +++ [pid 6009] <... futex resumed>) = ? [pid 6009] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./253/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/bus") = 0 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 umount2("./253/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6011] chdir("./254") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6011 [pid 6011] <... openat resumed>) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6011] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6012]}, 88) = 6012 ./strace-static-x86_64: Process 6012 attached [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6012] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6012] <... rseq resumed>) = 0 [pid 6012] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6012] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6011] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6011] <... futex resumed>) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6012] <... mmap resumed>) = 0x7f4378b72000 [pid 6011] <... mmap resumed>) = 0x7f4378b51000 [pid 6011] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 6013 attached [pid 6013] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6011] <... clone3 resumed> => {parent_tid=[6013]}, 88) = 6013 [pid 6013] <... rseq resumed>) = 0 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] set_robust_list(0x7f4378b719a0, 24 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] <... set_robust_list resumed>) = 0 [pid 6011] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6011] <... futex resumed>) = 0 [pid 6013] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6011] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] <... open resumed>) = 4 [pid 6013] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] fallocate(4, 0, 35143, 7 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6013] <... fallocate resumed>) = 0 [pid 6013] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... futex resumed>) = 1 [ 73.218454][ T6009] loop0: detected capacity change from 0 to 512 [ 73.237047][ T6009] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... write resumed>) = 262144 [pid 6012] munmap(0x7f4378b72000, 262144) = 0 [pid 6013] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6012] ioctl(5, LOOP_SET_FD, 3 [pid 6013] <... mount resumed>) = 0 [pid 6013] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... ioctl resumed>) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("./file1", 0777 [pid 6013] <... futex resumed>) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6013] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... mkdir resumed>) = 0 [pid 6012] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6013] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6013] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6013] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6011] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] <... write resumed>) = 262144 [pid 6013] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6013] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] <... mount resumed>) = 0 [pid 6012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 6012] chdir("./file1") = 0 [pid 6012] ioctl(5, LOOP_CLR_FD) = 0 [pid 6012] close(5) = 0 [pid 6012] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] exit_group(0) = ? [pid 6013] <... futex resumed>) = ? [pid 6013] +++ exited with 0 +++ [pid 6012] <... futex resumed>) = ? [pid 6012] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./254/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/bus") = 0 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 umount2("./254/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 [ 73.301885][ T6012] loop0: detected capacity change from 0 to 512 [ 73.330531][ T6012] EXT4-fs (loop0): 1 orphan inode deleted [ 73.336341][ T6012] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/254/file1 supports timestamps until 2038-01-19 (0x7fffffff) getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x555556e0f690) = 6017 [pid 6017] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6017] chdir("./255") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6017] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6018 attached [pid 6018] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6017] <... clone3 resumed> => {parent_tid=[6018]}, 88) = 6018 [pid 6018] <... rseq resumed>) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] set_robust_list(0x7f4380f929a0, 24 [pid 6017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6017] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6017] <... futex resumed>) = 0 [pid 6018] memfd_create("syzkaller", 0 [pid 6017] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6018] <... memfd_create resumed>) = 3 [pid 6017] <... mmap resumed>) = 0x7f4380f51000 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6017] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6017] <... mprotect resumed>) = 0 [pid 6017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6019]}, 88) = 6019 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6019 attached NULL, 8) = 0 [pid 6017] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6019] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6019] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6019] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] fallocate(4, 0, 35143, 7 [pid 6018] <... write resumed>) = 262144 [pid 6018] munmap(0x7f4378b51000, 262144) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6018] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] mkdir("./file1", 0777) = 0 [pid 6018] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6019] <... fallocate resumed>) = 0 [pid 6019] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6019] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6019] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6017] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... mount resumed>) = 0 [pid 6019] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6019] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6019] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6017] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 3 [pid 6019] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6019] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = 1 [pid 6019] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6017] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... write resumed>) = 262144 [pid 6019] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6019] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... mount resumed>) = 0 [pid 6018] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 6018] chdir("./file1") = 0 [pid 6018] ioctl(5, LOOP_CLR_FD) = 0 [pid 6018] close(5) = 0 [pid 6018] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] exit_group(0 [pid 6018] <... futex resumed>) = ? [pid 6019] <... futex resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6017] <... exit_group resumed>) = ? [pid 6019] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./255/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/bus") = 0 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 [ 73.413336][ T6018] loop0: detected capacity change from 0 to 512 [ 73.430003][ T6018] EXT4-fs (loop0): 1 orphan inode deleted [ 73.436993][ T6018] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/255/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./255/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6022 ./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6022] chdir("./256") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6022] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6022] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6023 attached => {parent_tid=[6023]}, 88) = 6023 [pid 6023] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], [pid 6023] <... rseq resumed>) = 0 [pid 6022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] set_robust_list(0x7f4380f929a0, 24 [pid 6022] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... set_robust_list resumed>) = 0 [pid 6022] <... futex resumed>) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] <... futex resumed>) = 0 [pid 6023] memfd_create("syzkaller", 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6023] <... memfd_create resumed>) = 3 [pid 6022] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6022] <... mprotect resumed>) = 0 [pid 6022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 73.471976][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 73.481573][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 6022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6024 attached [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6022] <... clone3 resumed> => {parent_tid=[6024]}, 88) = 6024 [pid 6024] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6024] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6022] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = 1 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6022] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... open resumed>) = 4 [pid 6023] <... write resumed>) = 262144 [pid 6024] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6022] <... futex resumed>) = 0 [pid 6024] fallocate(4, 0, 35143, 7 [pid 6022] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] munmap(0x7f4378b51000, 262144) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6023] ioctl(5, LOOP_SET_FD, 3 [pid 6024] <... fallocate resumed>) = 0 [pid 6023] <... ioctl resumed>) = 0 [pid 6024] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] close(3 [pid 6024] <... futex resumed>) = 1 [pid 6023] <... close resumed>) = 0 [pid 6022] <... futex resumed>) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] mkdir("./file1", 0777 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... mkdir resumed>) = 0 [pid 6022] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6023] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6022] <... futex resumed>) = 0 [pid 6024] <... mount resumed>) = 0 [pid 6024] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6022] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6024] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6024] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] <... futex resumed>) = 1 [pid 6022] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6022] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6024] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6022] <... futex resumed>) = 1 [pid 6022] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... write resumed>) = 262144 [pid 6024] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6024] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6023] ioctl(5, LOOP_CLR_FD) = 0 [pid 6023] close(5) = 0 [pid 6023] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] exit_group(0 [pid 6023] <... futex resumed>) = ? [pid 6022] <... exit_group resumed>) = ? [pid 6023] +++ exited with 0 +++ [pid 6024] <... futex resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./256/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/bus") = 0 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 umount2("./256/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6025 ./strace-static-x86_64: Process 6025 attached [pid 6025] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6025] chdir("./257") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6025] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6025] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6026]}, 88) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6026] <... rseq resumed>) = 0 [pid 6025] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6025] <... futex resumed>) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] memfd_create("syzkaller", 0 [pid 6025] <... futex resumed>) = 0 [pid 6025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6026] <... memfd_create resumed>) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 6025] <... mmap resumed>) = 0x7f4378b51000 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6025] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[6027]}, 88) = 6027 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053) = 0 [pid 6027] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 6026] <... write resumed>) = 262144 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6027] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] munmap(0x7f4378b72000, 262144 [pid 6025] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6025] <... futex resumed>) = 1 [pid 6027] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... open resumed>) = 4 [ 73.538313][ T6023] loop0: detected capacity change from 0 to 512 [ 73.557287][ T6023] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6026] <... munmap resumed>) = 0 [pid 6027] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6027] <... futex resumed>) = 1 [pid 6026] <... openat resumed>) = 5 [pid 6025] <... futex resumed>) = 0 [pid 6027] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] ioctl(5, LOOP_SET_FD, 3 [pid 6025] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] fallocate(4, 0, 35143, 7 [pid 6026] <... ioctl resumed>) = 0 [pid 6025] <... futex resumed>) = 0 [pid 6026] close(3) = 0 [pid 6026] mkdir("./file1", 0777 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... mkdir resumed>) = 0 [pid 6026] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6027] <... fallocate resumed>) = 0 [pid 6027] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6027] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6027] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6025] <... futex resumed>) = 0 [pid 6027] <... open resumed>) = 3 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6025] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... write resumed>) = 262144 [pid 6027] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6027] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6026] ioctl(5, LOOP_CLR_FD) = 0 [pid 6026] close(5) = 0 [pid 6026] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] exit_group(0 [pid 6026] <... futex resumed>) = ? [pid 6025] <... exit_group resumed>) = ? [pid 6027] <... futex resumed>) = ? [pid 6026] +++ exited with 0 +++ [pid 6027] +++ exited with 0 +++ [pid 6025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./257/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/bus") = 0 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6028 ./strace-static-x86_64: Process 6028 attached [pid 6028] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6028] chdir("./258") = 0 [ 73.620743][ T6026] loop0: detected capacity change from 0 to 512 [ 73.637375][ T6026] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6028] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6029 attached [pid 6029] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6028] <... clone3 resumed> => {parent_tid=[6029]}, 88) = 6029 [pid 6029] <... rseq resumed>) = 0 [pid 6029] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6029] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6028] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 1 [pid 6029] memfd_create("syzkaller", 0) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 6028] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 6028] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6028] <... clone3 resumed> => {parent_tid=[6030]}, 88) = 6030 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6028] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6030 attached [pid 6029] <... write resumed>) = 262144 [pid 6030] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6029] munmap(0x7f4378b72000, 262144 [pid 6030] <... rseq resumed>) = 0 [pid 6030] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6029] <... munmap resumed>) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6030] <... open resumed>) = 4 [pid 6030] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... openat resumed>) = 5 [pid 6030] <... futex resumed>) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6030] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6030] fallocate(4, 0, 35143, 7 [pid 6028] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] ioctl(5, LOOP_SET_FD, 3 [pid 6030] <... fallocate resumed>) = 0 [pid 6029] <... ioctl resumed>) = 0 [pid 6030] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6030] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6030] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6028] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] close(3 [pid 6030] <... mount resumed>) = 0 [pid 6029] <... close resumed>) = 0 [pid 6029] mkdir("./file1", 0777 [pid 6030] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6029] <... mkdir resumed>) = 0 [pid 6029] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6028] <... futex resumed>) = 0 [pid 6030] <... open resumed>) = 3 [pid 6028] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6030] <... futex resumed>) = 0 [pid 6028] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... write resumed>) = 262144 [pid 6030] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6030] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6029] ioctl(5, LOOP_CLR_FD) = 0 [pid 6029] close(5) = 0 [pid 6029] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] exit_group(0 [pid 6030] <... futex resumed>) = ? [pid 6028] <... exit_group resumed>) = ? [pid 6029] <... futex resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ [pid 6028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./258/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/bus") = 0 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached , child_tidptr=0x555556e0f690) = 6031 [pid 6031] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6031] chdir("./259") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6031] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6032 attached [pid 6032] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6032] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6032] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... clone3 resumed> => {parent_tid=[6032]}, 88) = 6032 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 73.719386][ T6029] loop0: detected capacity change from 0 to 512 [ 73.735592][ T6029] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 73.745456][ T6029] EXT4-fs (loop0): group descriptors corrupted! [pid 6031] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 6031] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6031] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[6033]}, 88) = 6033 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6031] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6033 attached [pid 6032] <... write resumed>) = 262144 [pid 6033] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6032] munmap(0x7f4378b72000, 262144 [pid 6033] <... rseq resumed>) = 0 [pid 6033] set_robust_list(0x7f4378b719a0, 24) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], [pid 6032] <... munmap resumed>) = 0 [pid 6033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6033] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6032] <... openat resumed>) = 4 [pid 6033] <... open resumed>) = 5 [pid 6033] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] ioctl(4, LOOP_SET_FD, 3 [pid 6031] <... futex resumed>) = 0 [pid 6033] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] fallocate(5, 0, 35143, 7 [pid 6032] <... ioctl resumed>) = 0 [pid 6032] close(3) = 0 [pid 6032] mkdir("./file1", 0777) = 0 [pid 6032] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6033] <... fallocate resumed>) = 0 [pid 6033] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6033] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6033] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6031] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... mount resumed>) = 0 [pid 6033] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6033] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6031] <... futex resumed>) = 0 [pid 6033] <... open resumed>) = 3 [pid 6031] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6033] <... futex resumed>) = 1 [pid 6031] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... write resumed>) = 262144 [pid 6033] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6033] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6032] ioctl(4, LOOP_CLR_FD) = 0 [pid 6032] close(4) = 0 [pid 6032] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] exit_group(0 [pid 6033] <... futex resumed>) = ? [pid 6032] +++ exited with 0 +++ [pid 6031] <... exit_group resumed>) = ? [pid 6033] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./259/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/bus") = 0 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6034] chdir("./260") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6034 [pid 6034] <... openat resumed>) = 3 [pid 6034] write(3, "1000", 4) = 4 [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6034] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6035 attached => {parent_tid=[6035]}, 88) = 6035 [pid 6035] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] <... rseq resumed>) = 0 [pid 6035] set_robust_list(0x7f4380f929a0, 24 [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [pid 6034] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] <... futex resumed>) = 0 [pid 6035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] memfd_create("syzkaller", 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6035] <... memfd_create resumed>) = 3 [pid 6034] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6036 attached [pid 6036] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6036] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6034] <... clone3 resumed> => {parent_tid=[6036]}, 88) = 6036 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6036] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... futex resumed>) = 0 [ 73.807341][ T6032] loop0: detected capacity change from 0 to 512 [ 73.827000][ T6032] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6036] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6035] <... write resumed>) = 262144 [pid 6035] munmap(0x7f4378b51000, 262144 [pid 6036] <... open resumed>) = 4 [pid 6036] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6036] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6036] fallocate(4, 0, 35143, 7 [pid 6035] <... munmap resumed>) = 0 [pid 6034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6035] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] mkdir("./file1", 0777) = 0 [pid 6035] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6036] <... fallocate resumed>) = 0 [pid 6036] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6036] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... mount resumed>) = 0 [pid 6036] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6036] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6036] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6036] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6034] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... write resumed>) = 262144 [pid 6036] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6036] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6035] ioctl(5, LOOP_CLR_FD) = 0 [pid 6035] close(5) = 0 [pid 6035] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] exit_group(0) = ? [pid 6036] <... futex resumed>) = ? [pid 6036] +++ exited with 0 +++ [pid 6035] <... futex resumed>) = ? [pid 6035] +++ exited with 0 +++ [pid 6034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./260/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/bus") = 0 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 umount2("./260/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6037 ./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6037] chdir("./261") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6037] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6037] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6038]}, 88) = 6038 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6037] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6038 attached ) = 0 [pid 6038] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6038] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6038] memfd_create("syzkaller", 0 [pid 6037] <... clone3 resumed> => {parent_tid=[6039]}, 88) = 6039 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6039 attached [pid 6039] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6039] <... rseq resumed>) = 0 [pid 6039] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... mmap resumed>) = 0x7f4378b51000 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... futex resumed>) = 1 [pid 6039] fallocate(4, 0, 35143, 7 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6039] <... fallocate resumed>) = 0 [pid 6039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... futex resumed>) = 1 [ 73.892439][ T6035] loop0: detected capacity change from 0 to 512 [ 73.908138][ T6035] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6039] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6038] <... write resumed>) = 262144 [pid 6039] <... mount resumed>) = 0 [pid 6039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] munmap(0x7f4378b51000, 262144 [pid 6039] <... futex resumed>) = 1 [pid 6039] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 6038] <... munmap resumed>) = 0 [pid 6039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... futex resumed>) = 1 [pid 6039] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 6039] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] <... futex resumed>) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6039] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] <... openat resumed>) = 6 [pid 6038] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] mkdir("./file1", 0777) = 0 [pid 6038] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 6038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./file1") = 0 [pid 6038] ioctl(6, LOOP_CLR_FD) = 0 [pid 6038] close(6) = 0 [pid 6038] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] exit_group(0 [pid 6038] <... futex resumed>) = ? [pid 6037] <... exit_group resumed>) = ? [pid 6038] +++ exited with 0 +++ [pid 6039] <... futex resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./261/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/bus") = 0 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 umount2("./261/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x555556e0f690) = 6042 [pid 6042] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6042] chdir("./262") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6042] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 73.983814][ T6038] loop0: detected capacity change from 0 to 512 [ 74.000150][ T6038] EXT4-fs (loop0): 1 orphan inode deleted [ 74.005908][ T6038] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/261/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6042] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6043 attached => {parent_tid=[6043]}, 88) = 6043 [pid 6043] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6043] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6042] <... mmap resumed>) = 0x7f4380f51000 [pid 6043] <... mmap resumed>) = 0x7f4378b51000 [pid 6042] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6042] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] <... rseq resumed>) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] set_robust_list(0x7f4380f719a0, 24 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6042] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] <... futex resumed>) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6043] <... write resumed>) = 262144 [pid 6043] munmap(0x7f4378b51000, 262144 [pid 6044] <... open resumed>) = 4 [pid 6044] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6044] fallocate(4, 0, 35143, 7 [pid 6042] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... munmap resumed>) = 0 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6043] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./file1", 0777) = 0 [pid 6043] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6044] <... fallocate resumed>) = 0 [pid 6044] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6044] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6044] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 6044] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6044] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6043] ioctl(5, LOOP_CLR_FD) = 0 [pid 6043] close(5) = 0 [pid 6043] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] exit_group(0 [pid 6044] <... futex resumed>) = ? [pid 6043] <... futex resumed>) = ? [pid 6044] +++ exited with 0 +++ [pid 6043] +++ exited with 0 +++ [pid 6042] <... exit_group resumed>) = ? [pid 6042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./262/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/bus") = 0 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached [pid 6045] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6045 [pid 6045] <... set_robust_list resumed>) = 0 [pid 6045] chdir("./263") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6045] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6045] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6046 attached => {parent_tid=[6046]}, 88) = 6046 [pid 6046] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6046] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6046] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6045] <... futex resumed>) = 0 [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [ 74.081862][ T6043] loop0: detected capacity change from 0 to 512 [ 74.107063][ T6043] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6045] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE [pid 6046] <... write resumed>) = 262144 [pid 6045] <... mprotect resumed>) = 0 [pid 6046] munmap(0x7f4378b72000, 262144 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0} => {parent_tid=[6047]}, 88) = 6047 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6047 attached [pid 6046] <... munmap resumed>) = 0 [pid 6045] <... futex resumed>) = 0 [pid 6047] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... rseq resumed>) = 0 [pid 6047] set_robust_list(0x7f4378b719a0, 24 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] <... openat resumed>) = 4 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6047] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6046] ioctl(4, LOOP_SET_FD, 3 [pid 6047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6047] <... futex resumed>) = 1 [pid 6045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] fallocate(5, 0, 35143, 7 [pid 6046] <... ioctl resumed>) = 0 [pid 6045] <... futex resumed>) = 0 [pid 6046] close(3 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... close resumed>) = 0 [pid 6046] mkdir("./file1", 0777) = 0 [pid 6046] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6047] <... fallocate resumed>) = 0 [pid 6047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6047] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6045] <... futex resumed>) = 0 [pid 6047] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6047] <... futex resumed>) = 0 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6047] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6047] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... write resumed>) = 262144 [pid 6047] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6047] <... futex resumed>) = 1 [ 74.171988][ T6046] loop0: detected capacity change from 0 to 512 [ 74.197951][ T6048] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [pid 6047] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6046] ioctl(4, LOOP_CLR_FD) = 0 [pid 6046] close(4) = 0 [pid 6046] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] exit_group(0) = ? [pid 6047] <... futex resumed>) = ? [pid 6046] <... futex resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6046] +++ exited with 0 +++ [pid 6045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./263/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/bus") = 0 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 umount2("./263/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6050 ./strace-static-x86_64: Process 6050 attached [pid 6050] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6050] chdir("./264") = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 74.206487][ T6046] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 74.222951][ T6046] EXT4-fs (loop0): get root inode failed [ 74.228722][ T6046] EXT4-fs (loop0): mount failed [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6050] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6050] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6051 attached [pid 6051] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6050] <... clone3 resumed> => {parent_tid=[6051]}, 88) = 6051 [pid 6051] <... rseq resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 6051] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = 1 [pid 6051] memfd_create("syzkaller", 0 [pid 6050] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6051] <... memfd_create resumed>) = 3 [pid 6050] <... mmap resumed>) = 0x7f4380f51000 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6050] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6051] <... mmap resumed>) = 0x7f4378b51000 [pid 6050] <... mprotect resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6052]}, 88) = 6052 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6052 attached [pid 6051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6050] <... futex resumed>) = 0 [pid 6052] <... rseq resumed>) = 0 [pid 6050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6051] <... write resumed>) = 262144 [pid 6052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6052] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6050] <... futex resumed>) = 0 [pid 6052] fallocate(4, 0, 35143, 7 [pid 6050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] munmap(0x7f4378b51000, 262144) = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6051] ioctl(5, LOOP_SET_FD, 3 [pid 6052] <... fallocate resumed>) = 0 [pid 6052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6050] <... futex resumed>) = 0 [pid 6052] <... mount resumed>) = 0 [pid 6050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 6052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 1 [pid 6052] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6050] <... futex resumed>) = 0 [pid 6051] <... ioctl resumed>) = 0 [pid 6051] close(3) = 0 [pid 6051] mkdir("./file1", 0777) = 0 [pid 6051] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6050] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... write resumed>) = -1 EIO (Input/output error) [pid 6052] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6052] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6051] ioctl(5, LOOP_CLR_FD) = 0 [pid 6051] close(5) = 0 [pid 6051] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] exit_group(0 [pid 6052] <... futex resumed>) = ? [pid 6050] <... exit_group resumed>) = ? [pid 6051] <... futex resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ [pid 6050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./264/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/bus") = 0 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 umount2("./264/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6053 ./strace-static-x86_64: Process 6053 attached [pid 6053] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6053] chdir("./265") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6053] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6054 attached => {parent_tid=[6054]}, 88) = 6054 [pid 6054] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], [pid 6054] set_robust_list(0x7f4380f929a0, 24 [pid 6053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6054] <... set_robust_list resumed>) = 0 [pid 6053] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] <... futex resumed>) = 0 [pid 6054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] memfd_create("syzkaller", 0 [pid 6053] <... futex resumed>) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6053] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6054] <... memfd_create resumed>) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6053] <... mprotect resumed>) = 0 [pid 6054] <... mmap resumed>) = 0x7f4378b51000 [pid 6053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6055 attached => {parent_tid=[6055]}, 88) = 6055 [pid 6055] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], [pid 6055] set_robust_list(0x7f4380f719a0, 24 [pid 6053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6055] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] <... futex resumed>) = 0 [pid 6055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6055] <... open resumed>) = 4 [pid 6055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] fallocate(4, 0, 35143, 7 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] <... write resumed>) = 262144 [pid 6054] munmap(0x7f4378b51000, 262144) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 74.306563][ T6051] loop0: detected capacity change from 0 to 512 [ 74.312659][ T6052] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 74.322799][ T6052] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 74.334036][ T6051] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6054] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 6055] <... fallocate resumed>) = 0 [pid 6054] close(3 [pid 6055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... close resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6054] mkdir("./file1", 0777 [pid 6055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6054] <... mkdir resumed>) = 0 [pid 6053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6054] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] <... futex resumed>) = 0 [pid 6055] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6053] <... futex resumed>) = 1 [pid 6055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... futex resumed>) = 0 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] <... futex resumed>) = 0 [pid 6055] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6053] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... write resumed>) = 262144 [pid 6055] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6055] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6054] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6054] ioctl(5, LOOP_CLR_FD) = 0 [pid 6054] close(5) = 0 [pid 6054] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] exit_group(0 [pid 6054] <... futex resumed>) = ? [pid 6055] <... futex resumed>) = ? [pid 6054] +++ exited with 0 +++ [pid 6053] <... exit_group resumed>) = ? [pid 6055] +++ exited with 0 +++ [pid 6053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./265/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/bus") = 0 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6056 attached , child_tidptr=0x555556e0f690) = 6056 [pid 6056] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6056] chdir("./266") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6056] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6056] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6057]}, 88) = 6057 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6056] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6056] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6058 attached ./strace-static-x86_64: Process 6057 attached [pid 6058] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6057] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6058] <... rseq resumed>) = 0 [pid 6057] <... rseq resumed>) = 0 [pid 6056] <... clone3 resumed> => {parent_tid=[6058]}, 88) = 6058 [pid 6057] set_robust_list(0x7f4380f929a0, 24 [pid 6058] set_robust_list(0x7f4380f719a0, 24 [pid 6057] <... set_robust_list resumed>) = 0 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] <... set_robust_list resumed>) = 0 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] rt_sigprocmask(SIG_SETMASK, [], [pid 6056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6056] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6056] <... futex resumed>) = 0 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6056] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... open resumed>) = 4 [pid 6058] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6056] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] fallocate(4, 0, 35143, 7 [pid 6057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 74.387969][ T6054] loop0: detected capacity change from 0 to 512 [ 74.407522][ T6054] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6058] <... fallocate resumed>) = 0 [pid 6058] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] <... futex resumed>) = 0 [pid 6058] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6057] munmap(0x7f4378b51000, 262144 [pid 6056] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... mount resumed>) = 0 [pid 6057] <... munmap resumed>) = 0 [pid 6058] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6058] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6056] <... futex resumed>) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6056] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6057] <... openat resumed>) = 5 [pid 6057] ioctl(5, LOOP_SET_FD, 3 [pid 6058] <... open resumed>) = 6 [pid 6058] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] <... ioctl resumed>) = 0 [pid 6056] <... futex resumed>) = 0 [pid 6057] close(3 [pid 6056] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] <... close resumed>) = 0 [pid 6058] <... futex resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6057] mkdir("./file1", 0777 [pid 6058] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6057] <... mkdir resumed>) = 0 [pid 6056] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6058] <... write resumed>) = 262144 [pid 6058] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] <... futex resumed>) = 0 [pid 6057] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6057] ioctl(5, LOOP_CLR_FD) = 0 [pid 6057] close(5) = 0 [pid 6057] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] exit_group(0 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] <... futex resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 6056] <... exit_group resumed>) = ? [pid 6057] <... futex resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./266/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/bus") = 0 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 umount2("./266/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached [pid 6059] set_robust_list(0x555556e0f6a0, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6059 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6059] chdir("./267") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6059] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6059] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6060 attached => {parent_tid=[6060]}, 88) = 6060 [pid 6060] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], [pid 6060] set_robust_list(0x7f4380f929a0, 24 [pid 6059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6059] <... futex resumed>) = 0 [pid 6060] memfd_create("syzkaller", 0 [pid 6059] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6060] <... memfd_create resumed>) = 3 [pid 6059] <... mmap resumed>) = 0x7f4380f51000 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6059] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6059] <... mprotect resumed>) = 0 [pid 6059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6061]}, 88) = 6061 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.471440][ T6057] loop0: detected capacity change from 0 to 512 [ 74.485477][ T6057] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... write resumed>) = 262144 [pid 6060] munmap(0x7f4378b51000, 262144) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6060] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6061 attached [pid 6061] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6061] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6059] <... futex resumed>) = 1 [pid 6061] fallocate(5, 0, 35143, 7 [pid 6059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... ioctl resumed>) = 0 [pid 6060] close(3) = 0 [pid 6060] mkdir("./file1", 0777) = 0 [pid 6060] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6061] <... fallocate resumed>) = 0 [pid 6061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6061] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] <... futex resumed>) = 1 [pid 6059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6061] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] <... futex resumed>) = 1 [pid 6059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6059] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6059] <... futex resumed>) = 1 [pid 6061] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6059] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... mount resumed>) = 0 [pid 6060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 6060] chdir("./file1") = 0 [pid 6060] ioctl(4, LOOP_CLR_FD) = 0 [pid 6060] close(4 [pid 6061] <... write resumed>) = 262144 [pid 6061] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... close resumed>) = 0 [pid 6061] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] <... futex resumed>) = 0 [pid 6059] exit_group(0) = ? [pid 6061] <... futex resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6060] <... futex resumed>) = ? [pid 6060] +++ exited with 0 +++ [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./267/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/bus") = 0 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 umount2("./267/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 74.529883][ T6060] loop0: detected capacity change from 0 to 512 [ 74.553652][ T6060] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/267/file1 supports timestamps until 2038-01-19 (0x7fffffff) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6065 attached , child_tidptr=0x555556e0f690) = 6065 [pid 6065] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6065] chdir("./268") = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] setpgid(0, 0) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6065] write(3, "1000", 4) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6065] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6066 attached [pid 6066] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6065] <... clone3 resumed> => {parent_tid=[6066]}, 88) = 6066 [pid 6066] <... rseq resumed>) = 0 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], [pid 6066] set_robust_list(0x7f4380f929a0, 24 [pid 6065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6066] <... set_robust_list resumed>) = 0 [pid 6065] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], [pid 6065] <... futex resumed>) = 0 [pid 6066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] memfd_create("syzkaller", 0 [pid 6065] <... futex resumed>) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6066] <... memfd_create resumed>) = 3 [pid 6065] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6065] <... mprotect resumed>) = 0 [pid 6066] <... mmap resumed>) = 0x7f4378b51000 [pid 6065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6067]}, 88) = 6067 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6065] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6067 attached [pid 6067] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6067] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... write resumed>) = 262144 [pid 6066] munmap(0x7f4378b51000, 262144) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6066] ioctl(5, LOOP_SET_FD, 3 [pid 6067] <... futex resumed>) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6066] <... ioctl resumed>) = 0 [pid 6065] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] close(3 [pid 6065] <... futex resumed>) = 0 [pid 6066] <... close resumed>) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] mkdir("./file1", 0777) = 0 [pid 6066] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6067] fallocate(4, 0, 35143, 7) = 0 [pid 6067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6067] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 6067] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] <... futex resumed>) = 0 [pid 6066] <... mount resumed>) = 0 [pid 6066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 6066] chdir("./file1") = 0 [pid 6066] ioctl(5, LOOP_CLR_FD) = 0 [pid 6066] close(5) = 0 [pid 6066] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] exit_group(0 [pid 6067] <... futex resumed>) = ? [pid 6067] +++ exited with 0 +++ [pid 6066] <... futex resumed>) = ? [pid 6065] <... exit_group resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./268/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/bus") = 0 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/binderfs") = 0 umount2("./268/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6070 attached [pid 6070] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6070] chdir("./269") = 0 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6070] setpgid(0, 0) = 0 [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6070 [pid 6070] <... openat resumed>) = 3 [pid 6070] write(3, "1000", 4) = 4 [pid 6070] close(3) = 0 [pid 6070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6070] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6070] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6071]}, 88) = 6071 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6070] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6071 attached [pid 6071] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6070] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... rseq resumed>) = 0 [pid 6071] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6070] <... futex resumed>) = 0 [ 74.623752][ T6066] loop0: detected capacity change from 0 to 512 [ 74.644582][ T6066] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/268/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 6071] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] <... mmap resumed>) = 0x7f4380f51000 [pid 6070] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6071] memfd_create("syzkaller", 0 [pid 6070] <... mprotect resumed>) = 0 [pid 6070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6071] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6072 attached [pid 6072] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6072] set_robust_list(0x7f4380f719a0, 24 [pid 6070] <... clone3 resumed> => {parent_tid=[6072]}, 88) = 6072 [pid 6072] <... set_robust_list resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] <... mmap resumed>) = 0x7f4378b51000 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6072] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... open resumed>) = 4 [pid 6071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] <... futex resumed>) = 0 [pid 6070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] fallocate(4, 0, 35143, 7 [pid 6071] <... write resumed>) = 262144 [pid 6071] munmap(0x7f4378b51000, 262144) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6071] ioctl(5, LOOP_SET_FD, 3 [pid 6072] <... fallocate resumed>) = 0 [pid 6072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] <... futex resumed>) = 0 [pid 6072] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... mount resumed>) = 0 [pid 6072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 6072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6072] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6070] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... ioctl resumed>) = 0 [pid 6071] close(3) = 0 [pid 6071] mkdir("./file1", 0777) = 0 [pid 6071] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6072] <... write resumed>) = -1 EIO (Input/output error) [pid 6072] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6072] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6071] ioctl(5, LOOP_CLR_FD) = 0 [pid 6071] close(5) = 0 [pid 6071] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] exit_group(0 [pid 6072] <... futex resumed>) = ? [pid 6071] <... futex resumed>) = ? [pid 6072] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ [pid 6070] <... exit_group resumed>) = ? [pid 6070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6070, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./269/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/bus") = 0 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6073 attached , child_tidptr=0x555556e0f690) = 6073 [pid 6073] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6073] chdir("./270") = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6073] setpgid(0, 0) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6073] write(3, "1000", 4) = 4 [pid 6073] close(3) = 0 [pid 6073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6073] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [ 74.722189][ T6071] loop0: detected capacity change from 0 to 512 [ 74.733853][ T6072] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 74.743575][ T6072] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 74.758551][ T6071] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6073] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6074]}, 88) = 6074 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6074 attached [pid 6073] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6074] set_robust_list(0x7f4380f929a0, 24 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6073] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6075 attached [pid 6075] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6075] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6073] <... clone3 resumed> => {parent_tid=[6075]}, 88) = 6075 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6075] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6074] memfd_create("syzkaller", 0 [pid 6075] <... open resumed>) = 3 [pid 6075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 1 [pid 6075] fallocate(3, 0, 35143, 7 [pid 6074] <... memfd_create resumed>) = 4 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6075] <... fallocate resumed>) = 0 [pid 6075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6075] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] <... futex resumed>) = 0 [pid 6075] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... mount resumed>) = 0 [pid 6075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 1 [pid 6075] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 5 [pid 6075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6075] <... futex resumed>) = 1 [pid 6073] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6073] <... futex resumed>) = 0 [pid 6075] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6073] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6074] munmap(0x7f4378b51000, 262144) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6074] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 6074] close(4) = 0 [pid 6074] mkdir("./file1", 0777) = 0 [pid 6074] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 6074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 6074] chdir("./file1") = 0 [pid 6074] ioctl(6, LOOP_CLR_FD) = 0 [pid 6074] close(6) = 0 [pid 6074] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] exit_group(0 [pid 6075] <... futex resumed>) = ? [pid 6074] <... futex resumed>) = ? [pid 6073] <... exit_group resumed>) = ? [pid 6075] +++ exited with 0 +++ [pid 6074] +++ exited with 0 +++ [pid 6073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6073, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./270/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/bus") = 0 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6078] chdir("./271" [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6078 [pid 6078] <... chdir resumed>) = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [ 74.826543][ T6074] loop0: detected capacity change from 0 to 512 [ 74.840103][ T6074] EXT4-fs (loop0): 1 orphan inode deleted [ 74.846088][ T6074] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/270/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6078] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6078] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6079 attached [pid 6079] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6078] <... clone3 resumed> => {parent_tid=[6079]}, 88) = 6079 [pid 6079] <... rseq resumed>) = 0 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] set_robust_list(0x7f4380f929a0, 24 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6078] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] memfd_create("syzkaller", 0 [pid 6078] <... futex resumed>) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6078] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6079] <... memfd_create resumed>) = 3 [pid 6078] <... mprotect resumed>) = 0 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6080] <... rseq resumed>) = 0 [pid 6080] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6080] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6078] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6080] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6080] fallocate(4, 0, 35143, 7 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... write resumed>) = 262144 [pid 6079] munmap(0x7f4378b51000, 262144) = 0 [pid 6080] <... fallocate resumed>) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6080] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6080] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6078] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... mount resumed>) = 0 [pid 6079] <... openat resumed>) = 5 [pid 6078] <... futex resumed>) = 0 [pid 6079] ioctl(5, LOOP_SET_FD, 3 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 6080] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] <... ioctl resumed>) = 0 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] close(3 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6079] <... close resumed>) = 0 [pid 6078] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] mkdir("./file1", 0777 [pid 6080] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6080] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6078] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... mkdir resumed>) = 0 [pid 6079] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6080] <... write resumed>) = 262144 [pid 6080] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6080] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6079] ioctl(5, LOOP_CLR_FD) = 0 [pid 6079] close(5) = 0 [pid 6079] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] exit_group(0 [pid 6080] <... futex resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6078] <... exit_group resumed>) = ? [pid 6079] <... futex resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./271/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/bus") = 0 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 umount2("./271/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6081] chdir("./272") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6081 [pid 6081] <... setpgid resumed>) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6081] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6082 attached => {parent_tid=[6082]}, 88) = 6082 [pid 6082] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] set_robust_list(0x7f4380f929a0, 24 [pid 6081] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... set_robust_list resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... futex resumed>) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6082] memfd_create("syzkaller", 0 [pid 6081] <... mmap resumed>) = 0x7f4380f51000 [pid 6081] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6082] <... memfd_create resumed>) = 3 [pid 6081] <... mprotect resumed>) = 0 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6082] <... mmap resumed>) = 0x7f4378b51000 [pid 6081] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6083]}, 88) = 6083 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6083 attached [pid 6083] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6083] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 74.932107][ T6079] loop0: detected capacity change from 0 to 512 [ 74.948832][ T6079] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6083] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] fallocate(4, 0, 35143, 7 [pid 6082] <... write resumed>) = 262144 [pid 6083] <... fallocate resumed>) = 0 [pid 6083] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6083] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6082] munmap(0x7f4378b51000, 262144) = 0 [pid 6083] <... mount resumed>) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6083] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6082] ioctl(5, LOOP_SET_FD, 3 [pid 6083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 6083] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6083] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6081] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... ioctl resumed>) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./file1", 0777) = 0 [pid 6082] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6083] <... write resumed>) = -1 EIO (Input/output error) [pid 6083] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6083] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6082] ioctl(5, LOOP_CLR_FD) = 0 [pid 6082] close(5) = 0 [pid 6082] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] exit_group(0 [pid 6083] <... futex resumed>) = ? [pid 6082] <... futex resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ [pid 6081] <... exit_group resumed>) = ? [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./272/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/bus") = 0 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 umount2("./272/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x555556e0f690) = 6084 [pid 6084] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6084] chdir("./273") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6084] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6084] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6085 attached [pid 6085] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6084] <... clone3 resumed> => {parent_tid=[6085]}, 88) = 6085 [ 75.003438][ T6082] loop0: detected capacity change from 0 to 512 [ 75.013388][ T6083] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 75.025810][ T6083] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 75.038095][ T6082] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6085] <... rseq resumed>) = 0 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] set_robust_list(0x7f4380f929a0, 24 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] <... set_robust_list resumed>) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] memfd_create("syzkaller", 0 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... memfd_create resumed>) = 3 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6084] <... mmap resumed>) = 0x7f4380f51000 [pid 6085] <... mmap resumed>) = 0x7f4378b51000 [pid 6084] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6084] <... mprotect resumed>) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6085] <... write resumed>) = 262144 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6085] munmap(0x7f4378b51000, 262144./strace-static-x86_64: Process 6086 attached [pid 6086] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6086] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6086] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] <... munmap resumed>) = 0 [pid 6084] <... clone3 resumed> => {parent_tid=[6086]}, 88) = 6086 [pid 6086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6086] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6085] <... openat resumed>) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6084] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] close(3 [pid 6086] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... close resumed>) = 0 [pid 6085] mkdir("./file1", 0777 [pid 6086] <... open resumed>) = 3 [pid 6085] <... mkdir resumed>) = 0 [pid 6085] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6086] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6086] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6086] fallocate(3, 0, 35143, 7 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... fallocate resumed>) = 0 [pid 6086] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6086] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6084] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... mount resumed>) = 0 [pid 6084] <... futex resumed>) = 0 [pid 6086] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6086] <... futex resumed>) = 0 [pid 6084] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6084] <... futex resumed>) = 0 [pid 6086] <... open resumed>) = 5 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6086] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6086] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... write resumed>) = 262144 [pid 6086] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6086] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... futex resumed>) = 0 [ 75.098655][ T6085] loop0: detected capacity change from 0 to 512 [ 75.117654][ T6087] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 75.123823][ T6085] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 75.143284][ T6085] EXT4-fs (loop0): get root inode failed [pid 6085] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6085] ioctl(4, LOOP_CLR_FD) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] exit_group(0) = ? [pid 6086] <... futex resumed>) = ? [pid 6086] +++ exited with 0 +++ [pid 6085] +++ exited with 0 +++ [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./273/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/bus") = 0 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 75.148978][ T6085] EXT4-fs (loop0): mount failed newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6089 ./strace-static-x86_64: Process 6089 attached [pid 6089] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6089] chdir("./274") = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6089] setpgid(0, 0) = 0 [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6089] write(3, "1000", 4) = 4 [pid 6089] close(3) = 0 [pid 6089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6089] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6089] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6090 attached [pid 6090] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6090] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6090] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] <... clone3 resumed> => {parent_tid=[6090]}, 88) = 6090 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6089] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6090] memfd_create("syzkaller", 0 [pid 6089] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... memfd_create resumed>) = 3 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b72000 [pid 6089] <... futex resumed>) = 0 [pid 6090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 6089] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 6091 attached => {parent_tid=[6091]}, 88) = 6091 [pid 6091] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6090] <... write resumed>) = 262144 [pid 6091] <... rseq resumed>) = 0 [pid 6090] munmap(0x7f4378b72000, 262144 [pid 6091] set_robust_list(0x7f4378b719a0, 24 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], [pid 6091] <... set_robust_list resumed>) = 0 [pid 6089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6090] <... munmap resumed>) = 0 [pid 6089] <... futex resumed>) = 0 [pid 6091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6089] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] <... openat resumed>) = 4 [pid 6090] ioctl(4, LOOP_SET_FD, 3 [pid 6091] <... open resumed>) = 5 [pid 6091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] <... futex resumed>) = 0 [pid 6091] fallocate(5, 0, 35143, 7 [pid 6089] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] <... ioctl resumed>) = 0 [pid 6090] close(3) = 0 [pid 6090] mkdir("./file1", 0777) = 0 [pid 6090] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6091] <... fallocate resumed>) = 0 [pid 6091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] <... futex resumed>) = 0 [pid 6091] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6089] <... futex resumed>) = 0 [pid 6091] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6089] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... mount resumed>) = 0 [pid 6091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] <... futex resumed>) = 0 [pid 6091] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6089] <... futex resumed>) = 0 [pid 6091] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6089] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... open resumed>) = 3 [pid 6091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6089] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] <... futex resumed>) = 1 [pid 6089] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 6091] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] <... futex resumed>) = 0 [pid 6090] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6090] ioctl(4, LOOP_CLR_FD) = 0 [pid 6090] close(4) = 0 [pid 6090] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] exit_group(0 [pid 6090] <... futex resumed>) = ? [pid 6090] +++ exited with 0 +++ [pid 6089] <... exit_group resumed>) = ? [pid 6091] <... futex resumed>) = ? [pid 6091] +++ exited with 0 +++ [pid 6089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./274/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/bus") = 0 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 umount2("./274/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.232361][ T6090] loop0: detected capacity change from 0 to 512 [ 75.249431][ T6090] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 75.263308][ T6090] EXT4-fs (loop0): get root inode failed [ 75.269400][ T6090] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6094] chdir("./275") = 0 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6094] write(3, "1000", 4) = 4 [pid 6094] close(3) = 0 [pid 5033] <... clone resumed>, child_tidptr=0x555556e0f690) = 6094 [pid 6094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6094] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6094] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6095 attached => {parent_tid=[6095]}, 88) = 6095 [pid 6095] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], [pid 6095] <... rseq resumed>) = 0 [pid 6095] set_robust_list(0x7f4380f929a0, 24 [pid 6094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] <... set_robust_list resumed>) = 0 [pid 6094] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] <... futex resumed>) = 0 [pid 6095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] memfd_create("syzkaller", 0 [pid 6094] <... futex resumed>) = 0 [pid 6094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6095] <... memfd_create resumed>) = 3 [pid 6094] <... mmap resumed>) = 0x7f4380f51000 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6094] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6096 attached => {parent_tid=[6096]}, 88) = 6096 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6094] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6096] <... rseq resumed>) = 0 [pid 6096] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6096] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6095] <... write resumed>) = 262144 [pid 6096] <... open resumed>) = 4 [pid 6096] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6095] munmap(0x7f4378b51000, 262144 [pid 6094] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] fallocate(4, 0, 35143, 7 [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] <... munmap resumed>) = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6095] ioctl(5, LOOP_SET_FD, 3 [pid 6096] <... fallocate resumed>) = 0 [pid 6096] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] <... ioctl resumed>) = 0 [pid 6095] close(3) = 0 [pid 6095] mkdir("./file1", 0777) = 0 [pid 6095] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6096] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6094] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... mount resumed>) = 0 [pid 6096] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6096] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] <... futex resumed>) = 0 [pid 6096] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6094] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... open resumed>) = 3 [pid 6096] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6096] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] <... futex resumed>) = 0 [pid 6096] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6094] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... write resumed>) = 262144 [pid 6096] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] <... futex resumed>) = 0 [pid 6095] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6095] ioctl(5, LOOP_CLR_FD) = 0 [pid 6095] close(5) = 0 [pid 6095] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] exit_group(0 [pid 6096] <... futex resumed>) = ? [pid 6095] <... futex resumed>) = ? [pid 6096] +++ exited with 0 +++ [pid 6095] +++ exited with 0 +++ [pid 6094] <... exit_group resumed>) = ? [pid 6094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./275/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/bus") = 0 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 [ 75.334096][ T6095] loop0: detected capacity change from 0 to 512 [ 75.347645][ T6097] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 75.354348][ T6095] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 75.373208][ T6095] EXT4-fs (loop0): get root inode failed [ 75.378894][ T6095] EXT4-fs (loop0): mount failed close(4) = 0 rmdir("./275/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6099 ./strace-static-x86_64: Process 6099 attached [pid 6099] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6099] chdir("./276") = 0 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6099] setpgid(0, 0) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6099] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6100 attached [pid 6100] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6099] <... clone3 resumed> => {parent_tid=[6100]}, 88) = 6100 [pid 6100] <... rseq resumed>) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6100] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6099] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] memfd_create("syzkaller", 0 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... memfd_create resumed>) = 3 [pid 6099] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... mmap resumed>) = 0x7f4378b72000 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4378b51000 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6099] mprotect(0x7f4378b52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] <... write resumed>) = 262144 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6100] munmap(0x7f4378b72000, 262144 [pid 6099] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4378b71990, parent_tid=0x7f4378b71990, exit_signal=0, stack=0x7f4378b51000, stack_size=0x20300, tls=0x7f4378b716c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f4378b71fe0, 0x20, 0, 0x53053053 [pid 6099] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6101] <... rseq resumed>) = 0 [pid 6101] set_robust_list(0x7f4378b719a0, 24 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... set_robust_list resumed>) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6099] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... open resumed>) = 4 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... munmap resumed>) = 0 [pid 6099] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6101] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] fallocate(4, 0, 35143, 7 [pid 6099] <... futex resumed>) = 1 [pid 6099] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... openat resumed>) = 5 [pid 6100] ioctl(5, LOOP_SET_FD, 3 [pid 6101] <... fallocate resumed>) = 0 [pid 6101] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6099] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6101] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6101] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6101] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6099] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 6 [pid 6101] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6101] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... ioctl resumed>) = 0 [pid 6100] close(3) = 0 [pid 6100] mkdir("./file1", 0777 [pid 6099] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... write resumed>) = 262144 [pid 6101] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6101] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... mkdir resumed>) = 0 [pid 6100] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 6100] ioctl(5, LOOP_CLR_FD) = 0 [pid 6100] close(5) = 0 [pid 6100] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] exit_group(0 [pid 6100] <... futex resumed>) = ? [pid 6099] <... exit_group resumed>) = ? [pid 6101] <... futex resumed>) = ? [pid 6100] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ [pid 6099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./276/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/bus") = 0 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6102 attached , child_tidptr=0x555556e0f690) = 6102 [pid 6102] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6102] chdir("./277") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [ 75.444650][ T6100] loop0: detected capacity change from 0 to 512 [ 75.457405][ T6100] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6102] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6103]}, 88) = 6103 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6102] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6103 attached [pid 6103] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6102] <... futex resumed>) = 0 [pid 6103] <... rseq resumed>) = 0 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] set_robust_list(0x7f4380f929a0, 24 [pid 6102] <... futex resumed>) = 0 [pid 6103] <... set_robust_list resumed>) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6102] <... mmap resumed>) = 0x7f4380f51000 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6103] <... memfd_create resumed>) = 3 [pid 6102] <... mprotect resumed>) = 0 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6104 attached => {parent_tid=[6104]}, 88) = 6104 [pid 6104] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] <... rseq resumed>) = 0 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] set_robust_list(0x7f4380f719a0, 24 [pid 6102] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... set_robust_list resumed>) = 0 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... futex resumed>) = 0 [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6104] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6104] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6104] fallocate(4, 0, 35143, 7 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6103] munmap(0x7f4378b51000, 262144) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6103] ioctl(5, LOOP_SET_FD, 3 [pid 6104] <... fallocate resumed>) = 0 [pid 6104] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6104] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... futex resumed>) = 1 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 6 [pid 6103] <... ioctl resumed>) = 0 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] close(3 [pid 6102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6103] <... close resumed>) = 0 [pid 6103] mkdir("./file1", 0777) = 0 [pid 6103] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6104] <... write resumed>) = 262144 [pid 6104] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6104] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6103] ioctl(5, LOOP_CLR_FD) = 0 [pid 6103] close(5) = 0 [pid 6103] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] exit_group(0 [pid 6104] <... futex resumed>) = ? [pid 6104] +++ exited with 0 +++ [pid 6102] <... exit_group resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./277/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/bus") = 0 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 umount2("./277/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6105 attached , child_tidptr=0x555556e0f690) = 6105 [pid 6105] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6105] chdir("./278") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6105] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6105] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [ 75.524298][ T6103] loop0: detected capacity change from 0 to 512 [ 75.542039][ T6103] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6106 attached [pid 6106] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6105] <... clone3 resumed> => {parent_tid=[6106]}, 88) = 6106 [pid 6106] <... rseq resumed>) = 0 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6106] set_robust_list(0x7f4380f929a0, 24 [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6106] <... set_robust_list resumed>) = 0 [pid 6105] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6106] memfd_create("syzkaller", 0 [pid 6105] <... mmap resumed>) = 0x7f4380f51000 [pid 6105] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6107 attached [pid 6107] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6105] <... clone3 resumed> => {parent_tid=[6107]}, 88) = 6107 [pid 6107] set_robust_list(0x7f4380f719a0, 24 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6107] <... set_robust_list resumed>) = 0 [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6107] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6107] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6105] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... memfd_create resumed>) = 4 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6107] <... open resumed>) = 3 [pid 6107] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6106] <... mmap resumed>) = 0x7f4378b51000 [pid 6105] <... futex resumed>) = 0 [pid 6107] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] <... futex resumed>) = 0 [pid 6107] fallocate(3, 0, 35143, 7 [pid 6105] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6107] <... fallocate resumed>) = 0 [pid 6107] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6107] <... futex resumed>) = 1 [pid 6105] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6105] <... futex resumed>) = 0 [pid 6107] <... mount resumed>) = 0 [pid 6106] <... write resumed>) = 262144 [pid 6105] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] munmap(0x7f4378b51000, 262144 [pid 6107] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... munmap resumed>) = 0 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6105] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6107] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6105] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6107] <... open resumed>) = 6 [pid 6106] <... openat resumed>) = 5 [pid 6107] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] ioctl(5, LOOP_SET_FD, 4 [pid 6105] <... futex resumed>) = 0 [pid 6107] <... futex resumed>) = 1 [pid 6106] <... ioctl resumed>) = 0 [pid 6105] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6105] <... futex resumed>) = 0 [pid 6106] close(4) = 0 [pid 6106] mkdir("./file1", 0777) = 0 [pid 6106] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6105] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6107] <... write resumed>) = 262144 [pid 6107] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6107] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6106] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6106] ioctl(5, LOOP_CLR_FD) = 0 [pid 6106] close(5) = 0 [pid 6106] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] exit_group(0) = ? [pid 6107] <... futex resumed>) = ? [pid 6106] <... futex resumed>) = ? [pid 6107] +++ exited with 0 +++ [pid 6106] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./278/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/bus") = 0 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6108 attached , child_tidptr=0x555556e0f690) = 6108 [pid 6108] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6108] chdir("./279") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6108] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6109]}, 88) = 6109 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6108] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6108] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6109 attached [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6110 attached [pid 6109] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6108] <... clone3 resumed> => {parent_tid=[6110]}, 88) = 6110 [pid 6110] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] <... rseq resumed>) = 0 [pid 6110] <... rseq resumed>) = 0 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] set_robust_list(0x7f4380f719a0, 24 [pid 6108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6110] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6109] set_robust_list(0x7f4380f929a0, 24 [pid 6110] <... open resumed>) = 3 [pid 6110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... futex resumed>) = 0 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] fallocate(3, 0, 35143, 7 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... set_robust_list resumed>) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6109] memfd_create("syzkaller", 0) = 4 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6110] <... fallocate resumed>) = 0 [pid 6110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] <... futex resumed>) = 0 [pid 6110] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... mount resumed>) = 0 [pid 6110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6110] <... futex resumed>) = 1 [pid 6108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6108] <... futex resumed>) = 0 [pid 6110] <... open resumed>) = 5 [pid 6108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... futex resumed>) = 1 [pid 6110] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 6110] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6110] <... futex resumed>) = 1 [pid 6110] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... mmap resumed>) = 0x7f4378b51000 [pid 6109] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6109] munmap(0x7f4378b51000, 262144) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 75.599503][ T6106] loop0: detected capacity change from 0 to 512 [ 75.613417][ T6106] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6109] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 6109] close(4) = 0 [pid 6109] mkdir("./file1", 0777) = 0 [pid 6109] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 6109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 6109] chdir("./file1") = 0 [pid 6109] ioctl(6, LOOP_CLR_FD) = 0 [pid 6109] close(6) = 0 [pid 6109] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] exit_group(0) = ? [pid 6110] <... futex resumed>) = ? [pid 6110] +++ exited with 0 +++ [pid 6109] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./279/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/bus") = 0 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6113 ./strace-static-x86_64: Process 6113 attached [pid 6113] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6113] chdir("./280") = 0 [ 75.656256][ T6109] loop0: detected capacity change from 0 to 512 [ 75.671046][ T6109] EXT4-fs (loop0): 1 orphan inode deleted [ 75.676989][ T6109] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/279/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6113] setpgid(0, 0) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6113] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6114]}, 88) = 6114 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6113] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6114 attached [pid 6113] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6113] <... futex resumed>) = 0 [pid 6114] <... rseq resumed>) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6114] set_robust_list(0x7f4380f929a0, 24 [pid 6113] <... mmap resumed>) = 0x7f4380f51000 [pid 6114] <... set_robust_list resumed>) = 0 [pid 6113] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] <... mprotect resumed>) = 0 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6114] memfd_create("syzkaller", 0 [pid 6113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6114] <... memfd_create resumed>) = 3 [pid 6113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6115 attached ) = 0x7f4378b51000 [pid 6113] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6115] <... rseq resumed>) = 0 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6115] set_robust_list(0x7f4380f719a0, 24 [pid 6114] <... write resumed>) = 262144 [pid 6113] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6113] <... futex resumed>) = 0 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6114] munmap(0x7f4378b51000, 262144) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6114] ioctl(5, LOOP_SET_FD, 3 [pid 6115] <... open resumed>) = 4 [pid 6114] <... ioctl resumed>) = 0 [pid 6114] close(3) = 0 [pid 6114] mkdir("./file1", 0777 [pid 6115] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... mkdir resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6113] <... futex resumed>) = 0 [pid 6115] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6115] fallocate(4, 0, 35143, 7 [pid 6113] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... fallocate resumed>) = 0 [pid 6115] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6115] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6115] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6115] <... futex resumed>) = 0 [pid 6113] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6115] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6115] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6115] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6113] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... write resumed>) = 262144 [pid 6115] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6115] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... mount resumed>) = 0 [pid 6114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 6114] chdir("./file1") = 0 [pid 6114] ioctl(5, LOOP_CLR_FD) = 0 [pid 6114] close(5) = 0 [pid 6114] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] exit_group(0 [pid 6115] <... futex resumed>) = ? [pid 6113] <... exit_group resumed>) = ? [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./280/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/bus") = 0 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 [ 75.757629][ T6114] loop0: detected capacity change from 0 to 512 [ 75.770467][ T6114] EXT4-fs (loop0): 1 orphan inode deleted [ 75.776203][ T6114] ext4 filesystem being mounted at /root/syzkaller.F1Lso8/280/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./280/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6118 attached , child_tidptr=0x555556e0f690) = 6118 [pid 6118] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6118] chdir("./281") = 0 [pid 6118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6118] setpgid(0, 0) = 0 [pid 6118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6118] write(3, "1000", 4) = 4 [pid 6118] close(3) = 0 [pid 6118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6118] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6118] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6119 attached [pid 6119] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6119] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], [pid 6118] <... clone3 resumed> => {parent_tid=[6119]}, 88) = 6119 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6118] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6118] <... mprotect resumed>) = 0 [pid 6118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6119] memfd_create("syzkaller", 0 [pid 6118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6120 attached [pid 6119] <... memfd_create resumed>) = 3 [pid 6119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6120] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6118] <... clone3 resumed> => {parent_tid=[6120]}, 88) = 6120 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] <... rseq resumed>) = 0 [pid 6118] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] set_robust_list(0x7f4380f719a0, 24 [pid 6119] <... mmap resumed>) = 0x7f4378b51000 [pid 6120] <... set_robust_list resumed>) = 0 [pid 6118] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6120] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = 0 [ 75.825770][ T5033] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 75.835714][ T5033] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor369: mark_inode_dirty error [pid 6118] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6119] <... write resumed>) = 262144 [pid 6120] fallocate(4, 0, 35143, 7 [pid 6119] munmap(0x7f4378b51000, 262144 [pid 6118] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] <... munmap resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6119] ioctl(5, LOOP_SET_FD, 3 [pid 6120] <... fallocate resumed>) = 0 [pid 6119] <... ioctl resumed>) = 0 [pid 6120] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] close(3 [pid 6120] <... futex resumed>) = 1 [pid 6119] <... close resumed>) = 0 [pid 6118] <... futex resumed>) = 0 [pid 6120] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] mkdir("./file1", 0777 [pid 6118] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... mkdir resumed>) = 0 [pid 6118] <... futex resumed>) = 0 [pid 6120] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6119] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6118] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... mount resumed>) = 0 [pid 6120] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6120] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6118] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6118] <... futex resumed>) = 0 [pid 6120] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6118] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... open resumed>) = 3 [pid 6120] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6120] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6118] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6118] <... futex resumed>) = 0 [pid 6120] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6118] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... write resumed>) = 262144 [pid 6120] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6120] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6119] ioctl(5, LOOP_CLR_FD) = 0 [pid 6119] close(5) = 0 [pid 6119] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] exit_group(0 [pid 6120] <... futex resumed>) = ? [pid 6119] +++ exited with 0 +++ [pid 6118] <... exit_group resumed>) = ? [pid 6120] +++ exited with 0 +++ [pid 6118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6118, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./281/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/bus") = 0 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6121 ./strace-static-x86_64: Process 6121 attached [pid 6121] set_robust_list(0x555556e0f6a0, 24) = 0 [ 75.889485][ T6119] loop0: detected capacity change from 0 to 512 [ 75.917095][ T6119] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6121] chdir("./282") = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6121] setpgid(0, 0) = 0 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6121] write(3, "1000", 4) = 4 [pid 6121] close(3) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6121] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6121] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6122 attached [pid 6122] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6121] <... clone3 resumed> => {parent_tid=[6122]}, 88) = 6122 [pid 6122] <... rseq resumed>) = 0 [pid 6122] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6122] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6122] memfd_create("syzkaller", 0 [pid 6121] <... futex resumed>) = 1 [pid 6121] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] <... memfd_create resumed>) = 3 [pid 6121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6121] <... mmap resumed>) = 0x7f4380f51000 [pid 6122] <... mmap resumed>) = 0x7f4378b51000 [pid 6121] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6123 attached [pid 6123] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6121] <... clone3 resumed> => {parent_tid=[6123]}, 88) = 6123 [pid 6123] <... rseq resumed>) = 0 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6121] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6122] <... write resumed>) = 262144 [pid 6121] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] fallocate(4, 0, 35143, 7 [pid 6121] <... futex resumed>) = 0 [pid 6121] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] munmap(0x7f4378b51000, 262144) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6122] ioctl(5, LOOP_SET_FD, 3 [pid 6123] <... fallocate resumed>) = 0 [pid 6123] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6121] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6121] <... futex resumed>) = 0 [pid 6123] <... mount resumed>) = 0 [pid 6121] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6121] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6123] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6121] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... open resumed>) = 6 [pid 6123] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6121] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 1 [pid 6123] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6122] <... ioctl resumed>) = 0 [pid 6122] close(3) = 0 [pid 6122] mkdir("./file1", 0777) = 0 [pid 6122] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6123] <... write resumed>) = -1 EIO (Input/output error) [pid 6123] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6123] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6122] ioctl(5, LOOP_CLR_FD) = 0 [pid 6122] close(5) = 0 [pid 6122] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] exit_group(0 [pid 6123] <... futex resumed>) = ? [pid 6121] <... exit_group resumed>) = ? [pid 6123] +++ exited with 0 +++ [pid 6122] <... futex resumed>) = ? [pid 6122] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./282/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/bus") = 0 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.991448][ T6122] loop0: detected capacity change from 0 to 512 [ 75.997492][ T6123] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 76.007910][ T56] cfg80211: failed to load regulatory.db [ 76.009315][ T6123] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 76.027546][ T6122] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6124 attached , child_tidptr=0x555556e0f690) = 6124 [pid 6124] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6124] chdir("./283") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6124] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6124] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6125 attached [pid 6125] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6124] <... clone3 resumed> => {parent_tid=[6125]}, 88) = 6125 [pid 6125] <... rseq resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6125] set_robust_list(0x7f4380f929a0, 24 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6124] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] <... futex resumed>) = 0 [pid 6125] memfd_create("syzkaller", 0 [pid 6124] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6125] <... memfd_create resumed>) = 3 [pid 6124] <... mmap resumed>) = 0x7f4380f51000 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6124] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6124] <... mprotect resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6126]}, 88) = 6126 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... write resumed>) = 262144 [pid 6125] munmap(0x7f4378b51000, 262144) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6125] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6126 attached [pid 6126] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6126] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6126] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6125] <... ioctl resumed>) = 0 [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] close(3 [pid 6126] <... futex resumed>) = 0 [pid 6125] <... close resumed>) = 0 [pid 6124] <... futex resumed>) = 1 [pid 6126] fallocate(5, 0, 35143, 7 [pid 6125] mkdir("./file1", 0777 [pid 6124] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... mkdir resumed>) = 0 [pid 6125] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6126] <... fallocate resumed>) = 0 [pid 6126] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6126] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6126] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6124] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] <... mount resumed>) = 0 [pid 6126] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6126] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6126] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6124] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] <... open resumed>) = 3 [pid 6126] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6126] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6124] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] <... write resumed>) = 262144 [pid 6126] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... futex resumed>) = 0 [ 76.081319][ T6125] loop0: detected capacity change from 0 to 512 [ 76.099408][ T6127] EXT4-fs warning (device loop0): kmmpd:167: kmmpd being stopped since MMP feature has been disabled. [ 76.110409][ T6125] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 76.124127][ T6125] EXT4-fs (loop0): get root inode failed [pid 6125] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6125] ioctl(4, LOOP_CLR_FD) = 0 [pid 6125] close(4) = 0 [pid 6125] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] exit_group(0) = ? [pid 6126] <... futex resumed>) = ? [pid 6125] <... futex resumed>) = ? [pid 6126] +++ exited with 0 +++ [pid 6125] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./283/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/bus") = 0 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 umount2("./283/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6129 attached , child_tidptr=0x555556e0f690) = 6129 [pid 6129] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6129] chdir("./284") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6129] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6130 attached => {parent_tid=[6130]}, 88) = 6130 [pid 6130] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] <... rseq resumed>) = 0 [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6130] set_robust_list(0x7f4380f929a0, 24 [pid 6129] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... set_robust_list resumed>) = 0 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [ 76.129781][ T6125] EXT4-fs (loop0): mount failed [pid 6130] rt_sigprocmask(SIG_SETMASK, [], [pid 6129] <... futex resumed>) = 0 [pid 6130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6130] memfd_create("syzkaller", 0 [pid 6129] <... mmap resumed>) = 0x7f4380f51000 [pid 6129] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6130] <... memfd_create resumed>) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6130] <... mmap resumed>) = 0x7f4378b51000 [pid 6129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6129] <... clone3 resumed> => {parent_tid=[6131]}, 88) = 6131 ./strace-static-x86_64: Process 6131 attached [pid 6129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6129] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... write resumed>) = 262144 [pid 6131] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6131] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6130] munmap(0x7f4378b51000, 262144 [pid 6131] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6131] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... munmap resumed>) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6130] ioctl(5, LOOP_SET_FD, 3 [pid 6131] <... futex resumed>) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 1 [pid 6131] fallocate(4, 0, 35143, 7 [pid 6129] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... ioctl resumed>) = 0 [pid 6130] close(3) = 0 [pid 6130] mkdir("./file1", 0777 [pid 6131] <... fallocate resumed>) = 0 [pid 6131] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 1 [pid 6131] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6129] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6131] <... mount resumed>) = 0 [pid 6131] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6131] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6129] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6131] <... open resumed>) = 3 [pid 6131] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... mkdir resumed>) = 0 [pid 6131] <... futex resumed>) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6131] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6129] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6131] <... write resumed>) = 262144 [pid 6131] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6130] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6130] ioctl(5, LOOP_CLR_FD) = 0 [pid 6130] close(5) = 0 [pid 6130] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] exit_group(0 [pid 6131] <... futex resumed>) = ? [pid 6129] <... exit_group resumed>) = ? [pid 6131] +++ exited with 0 +++ [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./284/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/bus") = 0 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6132 attached , child_tidptr=0x555556e0f690) = 6132 [pid 6132] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6132] chdir("./285") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6132] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6132] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 6133] <... rseq resumed>) = 0 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], [pid 6133] set_robust_list(0x7f4380f929a0, 24 [pid 6132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6133] <... set_robust_list resumed>) = 0 [pid 6132] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6132] <... futex resumed>) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 6132] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6133] <... memfd_create resumed>) = 3 [pid 6132] <... mmap resumed>) = 0x7f4380f51000 [pid 6132] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6132] <... mprotect resumed>) = 0 [pid 6133] <... mmap resumed>) = 0x7f4378b51000 [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6132] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6134]}, 88) = 6134 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6132] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... write resumed>) = 262144 ./strace-static-x86_64: Process 6134 attached [ 76.184149][ T6130] loop0: detected capacity change from 0 to 512 [ 76.205164][ T6130] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 6133] munmap(0x7f4378b51000, 262144 [pid 6134] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6134] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6133] <... munmap resumed>) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6133] ioctl(5, LOOP_SET_FD, 3 [pid 6134] <... open resumed>) = 4 [pid 6133] <... ioctl resumed>) = 0 [pid 6134] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] close(3) = 0 [pid 6133] mkdir("./file1", 0777) = 0 [pid 6133] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6134] <... futex resumed>) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] fallocate(4, 0, 35143, 7) = 0 [pid 6134] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... mount resumed>) = 0 [pid 6134] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6134] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = 0 [pid 6132] <... futex resumed>) = 1 [pid 6134] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6132] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... open resumed>) = 3 [pid 6134] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... write resumed>) = 262144 [pid 6134] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 0 [pid 6133] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6133] ioctl(5, LOOP_CLR_FD) = 0 [pid 6133] close(5) = 0 [pid 6133] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] exit_group(0 [pid 6134] <... futex resumed>) = ? [pid 6132] <... exit_group resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6133] <... futex resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./285/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/bus") = 0 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 umount2("./285/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6137 attached , child_tidptr=0x555556e0f690) = 6137 [pid 6137] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6137] chdir("./286") = 0 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6137] setpgid(0, 0) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] write(3, "1000", 4) = 4 [pid 6137] close(3) = 0 [pid 6137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6137] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6137] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6138 attached [pid 6138] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6137] <... clone3 resumed> => {parent_tid=[6138]}, 88) = 6138 [pid 6138] <... rseq resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] set_robust_list(0x7f4380f929a0, 24 [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] <... set_robust_list resumed>) = 0 [pid 6137] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6137] <... futex resumed>) = 0 [pid 6138] memfd_create("syzkaller", 0 [pid 6137] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6138] <... memfd_create resumed>) = 3 [pid 6137] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6137] <... mprotect resumed>) = 0 [pid 6138] <... mmap resumed>) = 0x7f4378b51000 [pid 6138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6139]}, 88) = 6139 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6137] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6139 attached [pid 6139] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6139] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6139] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6139] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6139] fallocate(4, 0, 35143, 7 [pid 6137] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... write resumed>) = 262144 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.242951][ T6133] loop0: detected capacity change from 0 to 512 [ 76.260678][ T6133] EXT4-fs (loop0): failed to initialize system zone (-117) [ 76.269402][ T6133] EXT4-fs (loop0): mount failed [pid 6138] munmap(0x7f4378b51000, 262144) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6138] ioctl(5, LOOP_SET_FD, 3 [pid 6139] <... fallocate resumed>) = 0 [pid 6139] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6139] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] <... futex resumed>) = 0 [pid 6139] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6137] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... ioctl resumed>) = 0 [pid 6138] close(3) = 0 [pid 6138] mkdir("./file1", 0777 [pid 6139] <... mount resumed>) = 0 [pid 6139] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6139] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6138] <... mkdir resumed>) = 0 [pid 6138] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6139] <... open resumed>) = 3 [pid 6139] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6139] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] <... futex resumed>) = 0 [pid 6139] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6137] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... write resumed>) = 262144 [pid 6139] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] <... futex resumed>) = 0 [pid 6138] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6138] ioctl(5, LOOP_CLR_FD) = 0 [pid 6138] close(5) = 0 [pid 6138] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] exit_group(0 [pid 6138] <... futex resumed>) = ? [pid 6138] +++ exited with 0 +++ [pid 6139] <... futex resumed>) = ? [pid 6137] <... exit_group resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./286/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/bus") = 0 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 umount2("./286/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6140 ./strace-static-x86_64: Process 6140 attached [pid 6140] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6140] chdir("./287") = 0 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6140] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6140] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0} => {parent_tid=[6141]}, 88) = 6141 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6140] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6140] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6141 attached [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6142 attached => {parent_tid=[6142]}, 88) = 6142 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] <... rseq resumed>) = 0 [pid 6140] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] set_robust_list(0x7f4380f719a0, 24 [pid 6140] <... futex resumed>) = 0 [pid 6142] <... set_robust_list resumed>) = 0 [pid 6140] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6142] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 6141] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6141] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6142] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6140] <... futex resumed>) = 0 [pid 6142] fallocate(3, 0, 35143, 7 [pid 6141] memfd_create("syzkaller", 0 [pid 6140] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... memfd_create resumed>) = 4 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [ 76.325297][ T6138] loop0: detected capacity change from 0 to 512 [ 76.336792][ T6138] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 76.346934][ T6138] EXT4-fs (loop0): group descriptors corrupted! [pid 6141] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6142] <... fallocate resumed>) = 0 [pid 6141] <... write resumed>) = 262144 [pid 6142] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] munmap(0x7f4378b51000, 262144 [pid 6142] <... futex resumed>) = 1 [pid 6141] <... munmap resumed>) = 0 [pid 6140] <... futex resumed>) = 0 [pid 6142] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6140] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6140] <... futex resumed>) = 1 [pid 6142] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6140] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... mount resumed>) = 0 [pid 6141] <... openat resumed>) = 5 [pid 6141] ioctl(5, LOOP_SET_FD, 4 [pid 6142] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6142] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6142] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6140] <... futex resumed>) = 0 [pid 6142] <... open resumed>) = 6 [pid 6142] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... ioctl resumed>) = 0 [pid 6140] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] close(4 [pid 6140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... close resumed>) = 0 [pid 6140] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6141] mkdir("./file1", 0777 [pid 6140] <... futex resumed>) = 1 [pid 6142] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6140] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... mkdir resumed>) = 0 [pid 6141] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6142] <... write resumed>) = 262144 [pid 6142] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 6142] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6141] ioctl(5, LOOP_CLR_FD) = 0 [pid 6141] close(5) = 0 [pid 6141] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] exit_group(0) = ? [pid 6142] <... futex resumed>) = ? [pid 6142] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./287/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/bus") = 0 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 76.411201][ T6141] loop0: detected capacity change from 0 to 512 [ 76.425166][ T6141] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6143 attached , child_tidptr=0x555556e0f690) = 6143 [pid 6143] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6143] chdir("./288") = 0 [pid 6143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6143] setpgid(0, 0) = 0 [pid 6143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6143] write(3, "1000", 4) = 4 [pid 6143] close(3) = 0 [pid 6143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6143] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6143] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6144 attached [pid 6144] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6143] <... clone3 resumed> => {parent_tid=[6144]}, 88) = 6144 [pid 6144] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] memfd_create("syzkaller", 0 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] <... memfd_create resumed>) = 3 [pid 6143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6143] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6145]}, 88) = 6145 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6145 attached [pid 6143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6143] <... futex resumed>) = 0 [pid 6145] <... rseq resumed>) = 0 [pid 6143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6144] <... write resumed>) = 262144 [pid 6145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6144] munmap(0x7f4378b51000, 262144 [pid 6145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6143] <... futex resumed>) = 0 [pid 6145] fallocate(4, 0, 35143, 7 [pid 6144] <... munmap resumed>) = 0 [pid 6143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6144] ioctl(5, LOOP_SET_FD, 3 [pid 6145] <... fallocate resumed>) = 0 [pid 6144] <... ioctl resumed>) = 0 [pid 6145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] close(3 [pid 6143] <... futex resumed>) = 0 [pid 6145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... close resumed>) = 0 [pid 6144] mkdir("./file1", 0777 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6143] <... futex resumed>) = 0 [pid 6145] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... mkdir resumed>) = 0 [pid 6145] <... mount resumed>) = 0 [pid 6144] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = 0 [pid 6143] <... futex resumed>) = 1 [pid 6145] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c [pid 6143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... open resumed>) = 3 [pid 6145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 6145] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6145] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6144] ioctl(5, LOOP_CLR_FD) = 0 [pid 6144] close(5) = 0 [pid 6144] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] exit_group(0 [pid 6145] <... futex resumed>) = ? [pid 6143] <... exit_group resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6144] <... futex resumed>) = ? [pid 6144] +++ exited with 0 +++ [pid 6143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6143, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./288/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/bus") = 0 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6146 attached , child_tidptr=0x555556e0f690) = 6146 [pid 6146] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6146] chdir("./289") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6146] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6146] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6147 attached => {parent_tid=[6147]}, 88) = 6147 [pid 6147] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] set_robust_list(0x7f4380f929a0, 24) = 0 [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6146] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6146] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [ 76.496414][ T6144] loop0: detected capacity change from 0 to 512 [ 76.517035][ T6144] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6146] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6147] memfd_create("syzkaller", 0 [pid 6146] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6147] <... memfd_create resumed>) = 3 [pid 6147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6148 attached => {parent_tid=[6148]}, 88) = 6148 [pid 6148] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] <... rseq resumed>) = 0 [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] set_robust_list(0x7f4380f719a0, 24 [pid 6146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... set_robust_list resumed>) = 0 [pid 6146] <... futex resumed>) = 0 [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] fallocate(4, 0, 35143, 7 [pid 6147] <... write resumed>) = 262144 [pid 6147] munmap(0x7f4378b51000, 262144) = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6147] ioctl(5, LOOP_SET_FD, 3 [pid 6148] <... fallocate resumed>) = 0 [pid 6147] <... ioctl resumed>) = 0 [pid 6148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] close(3 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... close resumed>) = 0 [pid 6148] <... mount resumed>) = 0 [pid 6147] mkdir("./file1", 0777 [pid 6148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... mkdir resumed>) = 0 [pid 6148] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 0 [pid 6148] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6146] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... write resumed>) = 262144 [pid 6148] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6148] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6147] ioctl(5, LOOP_CLR_FD) = 0 [pid 6147] close(5) = 0 [pid 6147] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] exit_group(0 [pid 6148] <... futex resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6146] <... exit_group resumed>) = ? [pid 6147] <... futex resumed>) = ? [pid 6147] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./289/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/bus") = 0 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 76.588333][ T6147] loop0: detected capacity change from 0 to 512 [ 76.601388][ T6147] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6149 attached , child_tidptr=0x555556e0f690) = 6149 [pid 6149] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6149] chdir("./290") = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6149] setpgid(0, 0) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6149] write(3, "1000", 4) = 4 [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6149] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6149] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6150 attached [pid 6150] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6149] <... clone3 resumed> => {parent_tid=[6150]}, 88) = 6150 [pid 6150] <... rseq resumed>) = 0 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], [pid 6150] set_robust_list(0x7f4380f929a0, 24 [pid 6149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6150] <... set_robust_list resumed>) = 0 [pid 6149] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] rt_sigprocmask(SIG_SETMASK, [], [pid 6149] <... futex resumed>) = 0 [pid 6150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6149] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] memfd_create("syzkaller", 0 [pid 6149] <... futex resumed>) = 0 [pid 6150] <... memfd_create resumed>) = 3 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6149] <... mmap resumed>) = 0x7f4380f51000 [pid 6150] <... mmap resumed>) = 0x7f4378b51000 [pid 6149] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 6149] <... mprotect resumed>) = 0 [pid 6149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} => {parent_tid=[6151]}, 88) = 6151 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6151] set_robust_list(0x7f4380f719a0, 24 [pid 6150] <... write resumed>) = 262144 [pid 6151] <... set_robust_list resumed>) = 0 [pid 6150] munmap(0x7f4378b51000, 262144 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], [pid 6150] <... munmap resumed>) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6150] ioctl(4, LOOP_SET_FD, 3 [pid 6151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6151] fallocate(5, 0, 35143, 7 [pid 6149] <... futex resumed>) = 1 [pid 6149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... ioctl resumed>) = 0 [pid 6150] close(3) = 0 [pid 6150] mkdir("./file1", 0777) = 0 [pid 6150] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6151] <... fallocate resumed>) = 0 [pid 6151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6151] <... futex resumed>) = 0 [pid 6151] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 6149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... mount resumed>) = 0 [pid 6151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... futex resumed>) = 1 [pid 6151] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6151] <... futex resumed>) = 1 [pid 6149] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 6151] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6151] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6150] ioctl(4, LOOP_CLR_FD) = 0 [pid 6150] close(4) = 0 [pid 6150] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] exit_group(0) = ? [pid 6150] <... futex resumed>) = ? [pid 6150] +++ exited with 0 +++ [pid 6151] <... futex resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./290/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/bus") = 0 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6152 attached , child_tidptr=0x555556e0f690) = 6152 [pid 6152] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6152] chdir("./291") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6152] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6153 attached => {parent_tid=[6153]}, 88) = 6153 [pid 6153] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6153] <... rseq resumed>) = 0 [pid 6153] set_robust_list(0x7f4380f929a0, 24 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6153] <... set_robust_list resumed>) = 0 [pid 6152] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] <... futex resumed>) = 0 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] memfd_create("syzkaller", 0 [pid 6152] <... futex resumed>) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f51000 [pid 6153] <... memfd_create resumed>) = 3 [pid 6152] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0}./strace-static-x86_64: Process 6154 attached => {parent_tid=[6154]}, 88) = 6154 [pid 6154] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6154] set_robust_list(0x7f4380f719a0, 24) = 0 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6154] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] <... futex resumed>) = 0 [pid 6154] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6153] munmap(0x7f4378b51000, 262144 [pid 6154] <... open resumed>) = 4 [pid 6154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... munmap resumed>) = 0 [ 76.667191][ T6150] loop0: detected capacity change from 0 to 512 [ 76.687010][ T6150] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 8 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6153] ioctl(5, LOOP_SET_FD, 3 [pid 6154] <... futex resumed>) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6154] fallocate(4, 0, 35143, 7 [pid 6153] <... ioctl resumed>) = 0 [pid 6153] close(3) = 0 [pid 6153] mkdir("./file1", 0777) = 0 [pid 6153] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6154] <... fallocate resumed>) = 0 [pid 6154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... futex resumed>) = 1 [pid 6154] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6154] <... futex resumed>) = 0 [pid 6154] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6152] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... write resumed>) = 262144 [pid 6154] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6154] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... futex resumed>) = 0 [pid 6153] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6153] ioctl(5, LOOP_CLR_FD) = 0 [pid 6153] close(5) = 0 [pid 6153] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f438105e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] exit_group(0 [pid 6153] <... futex resumed>) = ? [pid 6152] <... exit_group resumed>) = ? [pid 6154] <... futex resumed>) = ? [pid 6153] +++ exited with 0 +++ [pid 6154] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e10730 /* 5 entries */, 32768) = 136 umount2("./291/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/bus", {st_mode=S_IFREG|000, st_size=35150, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/bus") = 0 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e18770 /* 2 entries */, 32768) = 48 [ 76.746652][ T6153] loop0: detected capacity change from 0 to 512 [ 76.766443][ T6153] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor369: inode #2: comm syz-executor369: iget: illegal inode # [ 76.780440][ T6153] EXT4-fs (loop0): get root inode failed [ 76.786065][ T6153] EXT4-fs (loop0): mount failed getdents64(4, 0x555556e18770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file1") = 0 getdents64(3, 0x555556e10730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e0f690) = 6157 ./strace-static-x86_64: Process 6157 attached [pid 6157] set_robust_list(0x555556e0f6a0, 24) = 0 [pid 6157] chdir("./292") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6157] futex(0x7f438105e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] rt_sigaction(SIGRT_1, {sa_handler=0x7f4380ffbf30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4380fed0e0}, NULL, 8) = 0 [pid 6157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4380f72000 [pid 6157] mprotect(0x7f4380f73000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f92990, parent_tid=0x7f4380f92990, exit_signal=0, stack=0x7f4380f72000, stack_size=0x20300, tls=0x7f4380f926c0}./strace-static-x86_64: Process 6158 attached => {parent_tid=[6158]}, 88) = 6158 [pid 6158] rseq(0x7f4380f92fe0, 0x20, 0, 0x53053053) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] set_robust_list(0x7f4380f929a0, 24 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] futex(0x7f438105e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] memfd_create("syzkaller", 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6158] <... memfd_create resumed>) = 3 [pid 6157] <... mmap resumed>) = 0x7f4380f51000 [pid 6157] mprotect(0x7f4380f52000, 131072, PROT_READ|PROT_WRITE [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4378b51000 [pid 6157] <... mprotect resumed>) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4380f71990, parent_tid=0x7f4380f71990, exit_signal=0, stack=0x7f4380f51000, stack_size=0x20300, tls=0x7f4380f716c0} [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 6159 attached [pid 6159] rseq(0x7f4380f71fe0, 0x20, 0, 0x53053053) = 0 [pid 6159] set_robust_list(0x7f4380f719a0, 24 [pid 6157] <... clone3 resumed> => {parent_tid=[6159]}, 88) = 6159 [pid 6159] <... set_robust_list resumed>) = 0 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6159] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] <... write resumed>) = 262144 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6159] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6158] munmap(0x7f4378b51000, 262144 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] <... futex resumed>) = 0 [pid 6158] <... munmap resumed>) = 0 [pid 6157] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] fallocate(4, 0, 35143, 7 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6157] <... futex resumed>) = 0 [pid 6158] <... openat resumed>) = 5 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] ioctl(5, LOOP_SET_FD, 3 [pid 6159] <... fallocate resumed>) = 0 [pid 6159] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] <... ioctl resumed>) = 0 [pid 6157] <... futex resumed>) = 0 [pid 6158] close(3 [pid 6157] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... close resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6158] mkdir("./file1", 0777 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 6159] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] <... mkdir resumed>) = 0 [pid 6157] <... futex resumed>) = 0 [pid 6159] futex(0x7f438105e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 6157] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6159] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|O_CLOEXEC|0x3c) = 3 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] futex(0x7f438105e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] <... futex resumed>) = 0 [pid 6157] futex(0x7f438105e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 6157] <... futex resumed>) = 0 [ 76.861218][ T6158] loop0: detected capacity change from 0 to 512 [ 76.872467][ T6159] ------------[ cut here ]------------ [ 76.878117][ T6159] kernel BUG at fs/buffer.c:2028! [ 76.883138][ T6159] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 76.889189][ T6159] CPU: 0 PID: 6159 Comm: syz-executor369 Not tainted 6.5.0-syzkaller-12145-g4a0fc73da97e #0 [ 76.899224][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.909258][ T6159] RIP: 0010:__block_write_begin_int+0x11c1/0x1470 [ 76.915658][ T6159] Code: df e8 53 d6 de ff f0 80 0b 20 e9 2f f2 ff ff e8 65 0e 89 ff 31 d2 31 f6 48 89 df e8 19 57 ff ff e9 83 f6 ff ff e8 4f 0e 89 ff <0f> 0b e8 48 0e 89 ff 0f 0b e8 41 0e 89 ff 0f 0b e8 3a 0e 89 ff 0f [ 76.935243][ T6159] RSP: 0018:ffffc90005847840 EFLAGS: 00010293 [ 76.941299][ T6159] RAX: 0000000000000000 RBX: ffff888077fbfe80 RCX: 0000000000000000 [ 76.949253][ T6159] RDX: ffff888014bb5940 RSI: ffffffff81fe95b1 RDI: 0000000000000006 [ 76.957221][ T6159] RBP: dffffc0000000000 R08: 0000000000000006 R09: 000000000004c000 [ 76.965174][ T6159] R10: 0000000000040000 R11: dffffc0000000000 R12: 0000000000000000 [ 76.973130][ T6159] R13: 0000000000000000 R14: 000000000004c000 R15: 0000000000000400 [ 76.981084][ T6159] FS: 00007f4380f716c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 76.990001][ T6159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.996564][ T6159] CR2: 00007f4380f93000 CR3: 0000000029f72000 CR4: 0000000000350ef0 [ 77.004522][ T6159] Call Trace: [ 77.007787][ T6159] [ 77.010702][ T6159] ? show_regs+0x8f/0xa0 [ 77.014930][ T6159] ? die+0x36/0xa0 [ 77.018634][ T6159] ? do_trap+0x22b/0x420 [ 77.022862][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.028655][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.034446][ T6159] ? do_error_trap+0xf4/0x230 [ 77.039212][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.045014][ T6159] ? handle_invalid_op+0x34/0x40 [ 77.049940][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.055732][ T6159] ? exc_invalid_op+0x2d/0x40 [ 77.060393][ T6159] ? asm_exc_invalid_op+0x1a/0x20 [ 77.065405][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.071195][ T6159] ? __block_write_begin_int+0x11c1/0x1470 [ 77.076991][ T6159] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 77.082527][ T6159] ? __filemap_get_folio+0x31c/0xbc0 [ 77.087804][ T6159] iomap_write_begin+0x5be/0x17b0 [ 77.092822][ T6159] ? rcu_is_watching+0x12/0xb0 [ 77.097576][ T6159] ? lock_release+0x4bf/0x680 [ 77.102239][ T6159] ? folio_flags.constprop.0+0x56/0x150 [ 77.107769][ T6159] ? balance_dirty_pages_ratelimited_flags+0x3b1/0x1230 [ 77.114702][ T6159] ? reacquire_held_locks+0x4b0/0x4b0 [ 77.120062][ T6159] ? iomap_adjust_read_range.isra.0+0x650/0x650 [ 77.126289][ T6159] ? fault_in_readable+0x150/0x200 [ 77.131390][ T6159] ? fault_in_subpage_writeable+0x20/0x20 [ 77.137104][ T6159] iomap_file_buffered_write+0x3d6/0x9a0 [ 77.142734][ T6159] ? iomap_write_begin+0x17b0/0x17b0 [ 77.148023][ T6159] ? rcu_is_watching+0x12/0xb0 [ 77.152777][ T6159] ? __mark_inode_dirty+0x297/0xd50 [ 77.157957][ T6159] ? preempt_count_add+0x72/0x140 [ 77.162965][ T6159] ? __mnt_drop_write_file+0xc1/0xf0 [ 77.168240][ T6159] blkdev_write_iter+0x572/0xca0 [ 77.173165][ T6159] vfs_write+0x650/0xe40 [ 77.177397][ T6159] ? kernel_write+0x6c0/0x6c0 [ 77.182057][ T6159] ? __fget_files+0x279/0x410 [ 77.186718][ T6159] ? __fget_light+0xe6/0x260 [ 77.191294][ T6159] ksys_write+0x12f/0x250 [ 77.195625][ T6159] ? __ia32_sys_read+0xb0/0xb0 [ 77.200377][ T6159] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.205566][ T6159] ? ptrace_notify+0xf4/0x130 [ 77.210228][ T6159] do_syscall_64+0x38/0xb0 [ 77.214712][ T6159] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.220591][ T6159] RIP: 0033:0x7f4380fd5b19 [ 77.224988][ T6159] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 77.244593][ T6159] RSP: 002b:00007f4380f71218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 77.252987][ T6159] RAX: ffffffffffffffda RBX: 00007f438105e6d8 RCX: 00007f4380fd5b19 [pid 6157] futex(0x7f438105e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 77.261044][ T6159] RDX: 000000000156a396 RSI: 0000000020002a40 RDI: 0000000000000003 [ 77.269005][ T6159] RBP: 00007f438105e6d0 R08: 0000000000000000 R09: 0000000000000000 [ 77.276958][ T6159] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f438102a6d0 [ 77.284912][ T6159] R13: 00007f438102a0c0 R14: 0031656c69662f2e R15: 6f6f6c2f7665642f [ 77.292874][ T6159] [ 77.295874][ T6159] Modules linked in: [ 77.304475][ T6159] ---[ end trace 0000000000000000 ]--- [ 77.310688][ T6159] RIP: 0010:__block_write_begin_int+0x11c1/0x1470 [ 77.317152][ T6159] Code: df e8 53 d6 de ff f0 80 0b 20 e9 2f f2 ff ff e8 65 0e 89 ff 31 d2 31 f6 48 89 df e8 19 57 ff ff e9 83 f6 ff ff e8 4f 0e 89 ff <0f> 0b e8 48 0e 89 ff 0f 0b e8 41 0e 89 ff 0f 0b e8 3a 0e 89 ff 0f [ 77.336814][ T6159] RSP: 0018:ffffc90005847840 EFLAGS: 00010293 [ 77.342924][ T6159] RAX: 0000000000000000 RBX: ffff888077fbfe80 RCX: 0000000000000000 [ 77.350908][ T6159] RDX: ffff888014bb5940 RSI: ffffffff81fe95b1 RDI: 0000000000000006 [ 77.358899][ T6159] RBP: dffffc0000000000 R08: 0000000000000006 R09: 000000000004c000 [ 77.366864][ T6159] R10: 0000000000040000 R11: dffffc0000000000 R12: 0000000000000000 [ 77.374895][ T6159] R13: 0000000000000000 R14: 000000000004c000 R15: 0000000000000400 [ 77.382994][ T6159] FS: 00007f4380f716c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 77.391979][ T6159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.398597][ T6159] CR2: 00007f4381011a10 CR3: 0000000029f72000 CR4: 0000000000350ef0 [ 77.406575][ T6159] Kernel panic - not syncing: Fatal exception [ 77.413647][ T6159] Kernel Offset: disabled [ 77.417948][ T6159] Rebooting in 86400 seconds..