./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1266962399 <...> Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. execve("./syz-executor1266962399", ["./syz-executor1266962399"], 0x7ffc1b4e00a0 /* 10 vars */) = 0 brk(NULL) = 0x555556643000 brk(0x555556643d40) = 0x555556643d40 arch_prctl(ARCH_SET_FS, 0x5555566433c0) = 0 set_tid_address(0x555556643690) = 5028 set_robust_list(0x5555566436a0, 24) = 0 rseq(0x555556643ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1266962399", 4096) = 28 getrandom("\x59\xb8\xb8\xa9\x04\x79\xa7\xbe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556643d40 brk(0x555556664d40) = 0x555556664d40 brk(0x555556665000) = 0x555556665000 mprotect(0x7f6a68e02000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.rPZj0Z", 0700) = 0 chmod("./syzkaller.rPZj0Z", 0777) = 0 chdir("./syzkaller.rPZj0Z") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5029 ./strace-static-x86_64: Process 5029 attached [pid 5029] set_robust_list(0x5555566436a0, 24) = 0 [pid 5029] chdir("./0") = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5029] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5029] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5030]}, 88) = 5030 [pid 5029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5029] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5029] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5030 attached [pid 5030] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5029] <... clone3 resumed> => {parent_tid=[5031]}, 88) = 5031 [pid 5030] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5029] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5031 attached [pid 5030] memfd_create("syzkaller", 0 [pid 5031] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5031] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] <... memfd_create resumed>) = 3 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5030] munmap(0x7f6a608fb000, 262144) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5030] ioctl(5, LOOP_SET_FD, 3 [pid 5031] <... open resumed>) = 4 [pid 5031] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5031] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = 0 [pid 5031] fallocate(-1, 0, 35143, 7 [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5031] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5031] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = 0 [pid 5031] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... mount resumed>) = 0 [pid 5031] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5031] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = 0 [pid 5031] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... open resumed>) = 6 [pid 5031] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... ioctl resumed>) = 0 [pid 5030] close(3 [pid 5031] <... futex resumed>) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5031] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... close resumed>) = 0 [pid 5029] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5030] mkdir("./file1", 0777 [pid 5029] <... futex resumed>) = 0 [pid 5031] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5029] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... mkdir resumed>) = 0 [pid 5030] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5031] <... write resumed>) = 262144 [pid 5031] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [ 54.116471][ T5030] syz-executor126[5030]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 54.130089][ T28] audit: type=1800 audit(1694896888.035:2): pid=5031 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 54.141900][ T5030] loop0: detected capacity change from 0 to 512 [pid 5031] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5030] ioctl(5, LOOP_CLR_FD) = 0 [pid 5030] close(5) = 0 [pid 5030] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] exit_group(0 [pid 5031] <... futex resumed>) = ? [pid 5030] <... futex resumed>) = ? [pid 5029] <... exit_group resumed>) = ? [pid 5031] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ [pid 5029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached [ 54.173956][ T5030] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5033] set_robust_list(0x5555566436a0, 24) = 0 [pid 5033] chdir("./1") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5033 [pid 5033] <... setpgid resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5033] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5034 attached => {parent_tid=[5034]}, 88) = 5034 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... rseq resumed>) = 0 [pid 5033] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5033] <... futex resumed>) = 0 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5033] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] <... mprotect resumed>) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5034] memfd_create("syzkaller", 0 [pid 5033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5034] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5035 attached [pid 5035] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5033] <... clone3 resumed> => {parent_tid=[5035]}, 88) = 5035 [pid 5035] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5033] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... open resumed>) = 4 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5033] <... futex resumed>) = 0 [pid 5035] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... mmap resumed>) = 0x7f6a608fb000 [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 0 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5035] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... write resumed>) = 262144 [pid 5033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] munmap(0x7f6a608fb000, 262144 [pid 5033] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 1 [pid 5035] fallocate(-1, 0, 35143, 7 [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5035] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... munmap resumed>) = 0 [pid 5035] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5035] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5035] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... mount resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5035] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5035] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5034] ioctl(5, LOOP_SET_FD, 3 [pid 5033] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... open resumed>) = 6 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5035] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... ioctl resumed>) = 0 [pid 5033] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5034] close(3 [pid 5033] <... futex resumed>) = 1 [pid 5035] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5033] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... close resumed>) = 0 [pid 5034] mkdir("./file1", 0777) = 0 [pid 5034] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5035] <... write resumed>) = 262144 [pid 5035] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [ 54.257755][ T28] audit: type=1800 audit(1694896888.165:3): pid=5035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 54.283495][ T5034] loop0: detected capacity change from 0 to 512 [pid 5035] <... futex resumed>) = 1 [pid 5035] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5034] ioctl(5, LOOP_CLR_FD) = 0 [pid 5034] close(5) = 0 [pid 5034] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] exit_group(0 [pid 5034] <... futex resumed>) = ? [pid 5033] <... exit_group resumed>) = ? [pid 5035] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5036 attached , child_tidptr=0x555556643690) = 5036 [pid 5036] set_robust_list(0x5555566436a0, 24) = 0 [ 54.312590][ T5034] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5036] chdir("./2") = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5036] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5037]}, 88) = 5037 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5036] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5036] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5036] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5038] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] <... set_robust_list resumed>) = 0 [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5036] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5037 attached [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5038] <... open resumed>) = 3 [pid 5037] <... rseq resumed>) = 0 [pid 5038] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 0 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] fallocate(-1, 0, 35143, 7 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] <... futex resumed>) = 0 [pid 5038] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] memfd_create("syzkaller", 0 [pid 5036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] <... futex resumed>) = 0 [pid 5037] <... memfd_create resumed>) = 4 [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5038] <... mount resumed>) = 0 [pid 5037] <... mmap resumed>) = 0x7f6a608fb000 [pid 5038] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... futex resumed>) = 1 [pid 5037] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5038] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5038] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... write resumed>) = 262144 [pid 5037] munmap(0x7f6a608fb000, 262144 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... munmap resumed>) = 0 [pid 5036] <... futex resumed>) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5036] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... openat resumed>) = 6 [pid 5037] ioctl(6, LOOP_SET_FD, 4 [ 54.404133][ T28] audit: type=1800 audit(1694896888.315:4): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5038] <... futex resumed>) = 1 [pid 5038] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5037] <... ioctl resumed>) = 0 [pid 5037] close(4) = 0 [pid 5037] mkdir("./file1", 0777) = 0 [pid 5037] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5038] <... write resumed>) = -1 EIO (Input/output error) [pid 5038] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5038] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5037] ioctl(6, LOOP_CLR_FD) = 0 [pid 5037] close(6) = 0 [pid 5037] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] exit_group(0 [pid 5037] <... futex resumed>) = ? [pid 5036] <... exit_group resumed>) = ? [pid 5038] <... futex resumed>) = ? [pid 5037] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5039 ./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x5555566436a0, 24) = 0 [pid 5039] chdir("./3") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [ 54.450003][ T5037] loop0: detected capacity change from 0 to 512 [ 54.456612][ T5038] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 54.466889][ T5038] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 54.479760][ T5037] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5039] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5040 attached => {parent_tid=[5040]}, 88) = 5040 [pid 5040] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5040] memfd_create("syzkaller", 0 [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5040] <... memfd_create resumed>) = 3 [pid 5039] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5039] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5041]}, 88) = 5041 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5041 attached [pid 5041] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5040] <... write resumed>) = 262144 [pid 5040] munmap(0x7f6a608fb000, 262144) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5040] ioctl(5, LOOP_SET_FD, 3 [pid 5041] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5041] fallocate(-1, 0, 35143, 7 [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5041] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... ioctl resumed>) = 0 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] close(3) = 0 [pid 5040] mkdir("./file1", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5041] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... mount resumed>) = 0 [pid 5041] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5039] <... futex resumed>) = 0 [pid 5041] <... open resumed>) = 3 [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... write resumed>) = 262144 [pid 5041] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [ 54.552872][ T28] audit: type=1800 audit(1694896888.465:5): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 54.576260][ T5040] loop0: detected capacity change from 0 to 512 [pid 5041] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5040] ioctl(5, LOOP_CLR_FD) = 0 [pid 5040] close(5) = 0 [pid 5040] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] exit_group(0 [pid 5041] <... futex resumed>) = ? [pid 5040] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached , child_tidptr=0x555556643690) = 5042 [pid 5042] set_robust_list(0x5555566436a0, 24) = 0 [pid 5042] chdir("./4") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [ 54.602009][ T5040] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5042] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5043 attached [pid 5043] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5042] <... clone3 resumed> => {parent_tid=[5043]}, 88) = 5043 [pid 5043] <... rseq resumed>) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5042] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] <... futex resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] memfd_create("syzkaller", 0 [pid 5042] <... futex resumed>) = 0 [pid 5043] <... memfd_create resumed>) = 3 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5042] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5042] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5042] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5042] <... clone3 resumed> => {parent_tid=[5044]}, 88) = 5044 [pid 5044] <... rseq resumed>) = 0 [pid 5043] <... write resumed>) = 262144 [pid 5043] munmap(0x7f6a608fb000, 262144 [pid 5044] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] <... set_robust_list resumed>) = 0 [pid 5043] <... munmap resumed>) = 0 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5042] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... openat resumed>) = 4 [pid 5042] <... futex resumed>) = 0 [pid 5044] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5043] ioctl(4, LOOP_SET_FD, 3 [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... open resumed>) = 5 [pid 5044] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... ioctl resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5043] close(3 [pid 5044] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... close resumed>) = 0 [pid 5042] <... futex resumed>) = 0 [pid 5043] mkdir("./file1", 0777 [pid 5042] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5044] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... mkdir resumed>) = 0 [pid 5043] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5044] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5044] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... open resumed>) = 3 [pid 5044] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5044] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] <... futex resumed>) = 0 [pid 5044] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 54.680348][ T5043] loop0: detected capacity change from 0 to 512 [ 54.680529][ T28] audit: type=1800 audit(1694896888.585:6): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 54.722201][ T5043] EXT4-fs (loop0): 1 orphan inode deleted [pid 5042] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... write resumed>) = 262144 [pid 5044] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5044] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... mount resumed>) = 0 [pid 5043] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5043] chdir("./file1") = 0 [pid 5043] ioctl(4, LOOP_CLR_FD) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5043] <... futex resumed>) = ? [pid 5042] <... exit_group resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 54.728442][ T5043] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.741070][ T5043] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/4/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5048 ./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x5555566436a0, 24) = 0 [pid 5048] chdir("./5") = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 [pid 5048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5048] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5048] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5049 attached [ 54.799718][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.810237][ T5028] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 54.821403][ T5028] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor126: mark_inode_dirty error => {parent_tid=[5049]}, 88) = 5049 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5048] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5049] <... rseq resumed>) = 0 [pid 5049] set_robust_list(0x7f6a68d3c9a0, 24./strace-static-x86_64: Process 5050 attached ) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] <... clone3 resumed> => {parent_tid=[5050]}, 88) = 5050 [pid 5050] <... rseq resumed>) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5049] memfd_create("syzkaller", 0 [pid 5050] <... set_robust_list resumed>) = 0 [pid 5049] <... memfd_create resumed>) = 3 [pid 5048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5048] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] <... futex resumed>) = 0 [pid 5050] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5049] <... mmap resumed>) = 0x7f6a608fb000 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... open resumed>) = 4 [pid 5049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5050] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... write resumed>) = 262144 [pid 5050] <... futex resumed>) = 1 [pid 5050] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] munmap(0x7f6a608fb000, 262144) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5049] ioctl(5, LOOP_SET_FD, 3 [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 0 [pid 5050] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5050] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5049] <... ioctl resumed>) = 0 [pid 5049] close(3 [pid 5048] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... close resumed>) = 0 [pid 5048] <... futex resumed>) = 0 [pid 5049] mkdir("./file1", 0777 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5049] <... mkdir resumed>) = 0 [pid 5049] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5050] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5050] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5050] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [ 54.887586][ T28] audit: type=1800 audit(1694896888.795:7): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 54.896586][ T5049] loop0: detected capacity change from 0 to 512 [pid 5050] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5050] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [ 54.927039][ T5049] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor126: lblock 0 mapped to illegal pblock 9 (length 1) [ 54.942878][ T5049] Quota error (device loop0): qtree_read_dquot: Error while reading quota structure for id 0 [ 54.953200][ T5049] EXT4-fs error (device loop0): ext4_map_blocks:577: inode #3: block 9: comm syz-executor126: lblock 0 mapped to illegal pblock 9 (length 1) [ 54.968110][ T5049] Quota error (device loop0): qtree_read_dquot: Error while reading quota structure for id 0 [ 54.978444][ T5049] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 54.988848][ T5049] EXT4-fs error (device loop0): ext4_evict_inode:251: inode #16: comm syz-executor126: mark_inode_dirty error [ 55.001191][ T5049] EXT4-fs warning (device loop0): ext4_evict_inode:254: couldn't mark inode dirty (err -117) [ 55.011601][ T5049] EXT4-fs (loop0): 1 orphan inode deleted [ 55.017520][ T5049] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5050] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... mount resumed>) = 0 [pid 5049] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5049] chdir("./file1") = 0 [pid 5049] ioctl(5, LOOP_CLR_FD) = 0 [pid 5049] close(5) = 0 [pid 5049] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] exit_group(0 [pid 5049] <... futex resumed>) = ? [pid 5048] <... exit_group resumed>) = ? [pid 5050] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 55.029835][ T5049] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/5/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555556643690) = 5053 [pid 5053] set_robust_list(0x5555566436a0, 24) = 0 [pid 5053] chdir("./6") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [ 55.072111][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.082753][ T5028] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 55.092865][ T5028] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor126: mark_inode_dirty error [pid 5053] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5054 attached [pid 5054] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... clone3 resumed> => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] memfd_create("syzkaller", 0 [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] <... memfd_create resumed>) = 3 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5053] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5053] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5053] <... mprotect resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5055 attached => {parent_tid=[5055]}, 88) = 5055 [pid 5054] <... write resumed>) = 262144 [pid 5055] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5055] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5054] munmap(0x7f6a608fb000, 262144 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5054] <... munmap resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5053] <... futex resumed>) = 0 [pid 5055] <... open resumed>) = 4 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... openat resumed>) = 5 [pid 5054] ioctl(5, LOOP_SET_FD, 3 [pid 5055] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... ioctl resumed>) = 0 [pid 5053] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] close(3 [pid 5053] <... futex resumed>) = 0 [pid 5055] fallocate(-1, 0, 35143, 7 [pid 5054] <... close resumed>) = 0 [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5054] mkdir("./file1", 0777 [pid 5055] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... mkdir resumed>) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5053] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5055] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... mount resumed>) = 0 [pid 5055] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 1 [pid 5055] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5055] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 1 [ 55.167091][ T28] audit: type=1800 audit(1694896889.075:8): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 55.168098][ T5054] loop0: detected capacity change from 0 to 512 [pid 5055] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5055] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5054] ioctl(5, LOOP_CLR_FD) = 0 [pid 5054] close(5) = 0 [pid 5054] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] exit_group(0 [pid 5055] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x5555566436a0, 24) = 0 [pid 5058] chdir("./7") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 55.212982][ T5056] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 55.222969][ T5054] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 55.238410][ T5054] EXT4-fs (loop0): get root inode failed [ 55.244343][ T5054] EXT4-fs (loop0): mount failed [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5058] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... clone3 resumed> => {parent_tid=[5059]}, 88) = 5059 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a608fb000 [pid 5058] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5058] <... clone3 resumed> => {parent_tid=[5060]}, 88) = 5060 [pid 5060] <... rseq resumed>) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] set_robust_list(0x7f6a6091b9a0, 24 [pid 5058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... set_robust_list resumed>) = 0 [pid 5058] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] <... futex resumed>) = 0 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5060] <... open resumed>) = 4 [pid 5060] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... write resumed>) = 262144 [pid 5060] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5060] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] munmap(0x7f6a6091c000, 262144 [pid 5058] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5060] fallocate(-1, 0, 35143, 7 [pid 5059] <... munmap resumed>) = 0 [pid 5060] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5060] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] <... openat resumed>) = 5 [pid 5060] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] ioctl(5, LOOP_SET_FD, 3 [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 0 [pid 5060] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5060] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] <... ioctl resumed>) = 0 [pid 5059] close(3) = 0 [pid 5060] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] mkdir("./file1", 0777 [pid 5058] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... mkdir resumed>) = 0 [pid 5059] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5060] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... open resumed>) = 3 [pid 5060] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5060] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5058] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.315768][ T28] audit: type=1800 audit(1694896889.225:9): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 55.338929][ T5059] loop0: detected capacity change from 0 to 512 [pid 5058] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... write resumed>) = 262144 [pid 5060] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5059] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5059] ioctl(5, LOOP_CLR_FD) = 0 [pid 5059] close(5) = 0 [pid 5059] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] exit_group(0 [pid 5059] <... futex resumed>) = ? [pid 5058] <... exit_group resumed>) = ? [pid 5060] <... futex resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 [ 55.362047][ T5059] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached , child_tidptr=0x555556643690) = 5061 [pid 5061] set_robust_list(0x5555566436a0, 24) = 0 [pid 5061] chdir("./8") = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5061] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5061] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5062] <... rseq resumed>) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] <... futex resumed>) = 0 [pid 5062] memfd_create("syzkaller", 0 [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... memfd_create resumed>) = 3 [pid 5061] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5061] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5063]}, 88) = 5063 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5063] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5062] <... write resumed>) = 262144 [pid 5062] munmap(0x7f6a608fb000, 262144) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5062] ioctl(5, LOOP_SET_FD, 3 [pid 5063] <... open resumed>) = 4 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file1", 0777) = 0 [pid 5063] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5063] <... futex resumed>) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] fallocate(-1, 0, 35143, 7 [pid 5061] <... futex resumed>) = 0 [pid 5063] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5061] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... mount resumed>) = 0 [pid 5063] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5063] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] <... futex resumed>) = 0 [pid 5063] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... open resumed>) = 3 [pid 5063] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5063] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5063] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5061] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... write resumed>) = 262144 [pid 5063] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [ 55.453855][ T5062] loop0: detected capacity change from 0 to 512 [ 55.473219][ T5064] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 55.486022][ T5062] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [pid 5062] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5062] ioctl(5, LOOP_CLR_FD) = 0 [pid 5062] close(5) = 0 [pid 5062] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] exit_group(0 [pid 5063] <... futex resumed>) = ? [pid 5061] <... exit_group resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x555556643690) = 5066 [pid 5066] set_robust_list(0x5555566436a0, 24) = 0 [pid 5066] chdir("./9") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 55.500188][ T5062] EXT4-fs (loop0): get root inode failed [ 55.507561][ T5062] EXT4-fs (loop0): mount failed [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5066] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5067]}, 88) = 5067 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5066] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5066] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5068] <... rseq resumed>) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5066] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] <... futex resumed>) = 0 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5067] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5068] <... open resumed>) = 3 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5068] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5068] fallocate(-1, 0, 35143, 7 [pid 5067] memfd_create("syzkaller", 0 [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... memfd_create resumed>) = 4 [pid 5068] <... futex resumed>) = 1 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... futex resumed>) = 0 [pid 5068] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5066] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... mmap resumed>) = 0x7f6a608fb000 [pid 5068] <... mount resumed>) = 0 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5068] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5068] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5066] <... futex resumed>) = 0 [pid 5068] <... open resumed>) = 5 [pid 5067] <... write resumed>) = 262144 [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5068] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5068] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5066] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] munmap(0x7f6a608fb000, 262144) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5067] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5067] close(4) = 0 [pid 5067] mkdir("./file1", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5067] chdir("./file1") = 0 [pid 5067] ioctl(6, LOOP_CLR_FD) = 0 [pid 5067] close(6) = 0 [pid 5067] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5068] <... futex resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 55.590262][ T5067] loop0: detected capacity change from 0 to 512 [ 55.606645][ T5067] EXT4-fs (loop0): 1 orphan inode deleted [ 55.612730][ T5067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.625734][ T5067] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/9/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5071 ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x5555566436a0, 24) = 0 [pid 5071] chdir("./10") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5071] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5072 attached => {parent_tid=[5072]}, 88) = 5072 [pid 5072] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] <... memfd_create resumed>) = 3 [pid 5071] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5072] <... mmap resumed>) = 0x7f6a608fb000 [pid 5071] <... mprotect resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5073 attached => {parent_tid=[5073]}, 88) = 5073 [pid 5073] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] <... rseq resumed>) = 0 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5071] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [ 55.666656][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] <... write resumed>) = 262144 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5072] munmap(0x7f6a608fb000, 262144) = 0 [pid 5073] <... open resumed>) = 4 [pid 5073] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5073] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5073] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5071] <... futex resumed>) = 0 [pid 5073] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5073] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 5 [pid 5072] ioctl(5, LOOP_SET_FD, 3 [pid 5073] <... mount resumed>) = 0 [pid 5072] <... ioctl resumed>) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file1", 0777 [pid 5073] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5073] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5071] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5073] <... write resumed>) = 262144 [pid 5073] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5073] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5072] ioctl(5, LOOP_CLR_FD) = 0 [pid 5072] close(5) = 0 [pid 5072] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] exit_group(0 [pid 5073] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5071] <... exit_group resumed>) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x555556643690) = 5074 [pid 5074] set_robust_list(0x5555566436a0, 24) = 0 [pid 5074] chdir("./11") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [ 55.733045][ T5072] loop0: detected capacity change from 0 to 512 [ 55.754627][ T5072] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5074] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5075 attached => {parent_tid=[5075]}, 88) = 5075 [pid 5075] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... rseq resumed>) = 0 [pid 5075] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5075] <... memfd_create resumed>) = 3 [pid 5074] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5076]}, 88) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... rseq resumed>) = 0 [pid 5076] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5075] <... write resumed>) = 262144 [pid 5075] munmap(0x7f6a608fb000, 262144 [pid 5076] <... open resumed>) = 4 [pid 5075] <... munmap resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5075] ioctl(5, LOOP_SET_FD, 3 [pid 5076] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5076] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5075] <... ioctl resumed>) = 0 [pid 5074] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] close(3 [pid 5074] <... futex resumed>) = 1 [pid 5076] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5075] <... close resumed>) = 0 [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] mkdir("./file1", 0777 [pid 5076] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5076] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5076] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 3 [pid 5075] <... mkdir resumed>) = 0 [pid 5076] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5074] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5074] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5076] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5075] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5075] ioctl(5, LOOP_CLR_FD) = 0 [pid 5075] close(5) = 0 [pid 5075] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] exit_group(0 [pid 5075] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5074] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555566436a0, 24) = 0 [pid 5077] chdir("./12") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.836107][ T5075] loop0: detected capacity change from 0 to 512 [ 55.856921][ T5075] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5077] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5078 attached => {parent_tid=[5078]}, 88) = 5078 [pid 5078] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5077] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5079 attached [pid 5077] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5079] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5078] memfd_create("syzkaller", 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] <... rseq resumed>) = 0 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5077] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... memfd_create resumed>) = 3 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] <... futex resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... mmap resumed>) = 0x7f6a608fb000 [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5079] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5077] <... futex resumed>) = 1 [pid 5079] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5079] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... mount resumed>) = 0 [pid 5079] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... write resumed>) = 262144 [pid 5079] <... futex resumed>) = 1 [pid 5078] munmap(0x7f6a608fb000, 262144 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5077] <... futex resumed>) = 0 [pid 5078] <... munmap resumed>) = 0 [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5079] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5077] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... openat resumed>) = 6 [pid 5077] <... futex resumed>) = 0 [pid 5079] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5077] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] ioctl(6, LOOP_SET_FD, 3 [pid 5079] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file1", 0777) = 0 [ 55.949919][ T5078] loop0: detected capacity change from 0 to 512 [ 55.976373][ T5078] EXT4-fs (loop0): 1 orphan inode deleted [ 55.982187][ T5078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5078] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file1") = 0 [pid 5078] ioctl(6, LOOP_CLR_FD) = 0 [pid 5078] close(6) = 0 [pid 5078] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5077] <... exit_group resumed>) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.001868][ T5078] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/12/file1 supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x555556643690) = 5082 [pid 5082] set_robust_list(0x5555566436a0, 24) = 0 [pid 5082] chdir("./13") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5082] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5083]}, 88) = 5083 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 ./strace-static-x86_64: Process 5083 attached [pid 5082] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5083] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5083] <... mmap resumed>) = 0x7f6a608fb000 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5082] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rseq resumed>) = 0 [pid 5084] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5082] <... futex resumed>) = 0 [ 56.045086][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5084] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... write resumed>) = 262144 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5084] fallocate(-1, 0, 35143, 7 [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5083] munmap(0x7f6a608fb000, 262144 [pid 5084] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... munmap resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5084] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... mount resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 5 [pid 5084] <... futex resumed>) = 1 [pid 5083] ioctl(5, LOOP_SET_FD, 3 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... ioctl resumed>) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5082] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5084] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [ 56.115898][ T5083] loop0: detected capacity change from 0 to 512 [ 56.137501][ T5083] EXT4-fs (loop0): 1 orphan inode deleted [ 56.148061][ T5083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5084] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... mount resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5083] chdir("./file1") = 0 [pid 5083] ioctl(5, LOOP_CLR_FD) = 0 [pid 5083] close(5) = 0 [pid 5083] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5083] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5082] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 56.161985][ T5083] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.196772][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.206827][ T5028] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x5555566436a0, 24) = 0 [pid 5087] chdir("./14") = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5087 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5087] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5088 attached => {parent_tid=[5088]}, 88) = 5088 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.216811][ T5028] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor126: mark_inode_dirty error [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5088] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5087] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5088] <... rseq resumed>) = 0 [pid 5088] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5087] <... mprotect resumed>) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] memfd_create("syzkaller", 0 [pid 5087] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5088] <... memfd_create resumed>) = 3 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5089 attached [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5087] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5089] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5088] <... mmap resumed>) = 0x7f6a608fb000 [pid 5089] <... rseq resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5087] <... futex resumed>) = 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5089] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5089] fallocate(-1, 0, 35143, 7 [pid 5087] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5088] <... write resumed>) = 262144 [pid 5089] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] munmap(0x7f6a608fb000, 262144) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... openat resumed>) = 5 [pid 5088] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5089] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5088] close(3 [pid 5089] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... close resumed>) = 0 [pid 5087] <... futex resumed>) = 0 [pid 5089] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] mkdir("./file1", 0777 [pid 5087] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5089] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... open resumed>) = 3 [pid 5089] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5089] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5089] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5087] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... mkdir resumed>) = 0 [pid 5088] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5089] <... write resumed>) = 262144 [pid 5089] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5089] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5088] ioctl(5, LOOP_CLR_FD) = 0 [pid 5088] close(5) = 0 [pid 5088] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5088] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5087] <... exit_group resumed>) = ? [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x555556643690) = 5090 [pid 5090] set_robust_list(0x5555566436a0, 24) = 0 [pid 5090] chdir("./15") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [ 56.302620][ T5088] loop0: detected capacity change from 0 to 512 [ 56.323633][ T5088] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5090] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5091]}, 88) = 5091 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5091 attached [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... rseq resumed>) = 0 [pid 5091] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] memfd_create("syzkaller", 0 [pid 5090] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5091] <... memfd_create resumed>) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5090] <... mprotect resumed>) = 0 [pid 5091] <... mmap resumed>) = 0x7f6a608fb000 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5092 attached [pid 5092] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5090] <... clone3 resumed> => {parent_tid=[5092]}, 88) = 5092 [pid 5092] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5090] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... futex resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... open resumed>) = 4 [pid 5091] <... write resumed>) = 262144 [pid 5091] munmap(0x7f6a608fb000, 262144 [pid 5092] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... munmap resumed>) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... openat resumed>) = 5 [pid 5090] <... futex resumed>) = 0 [pid 5091] ioctl(5, LOOP_SET_FD, 3 [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [pid 5092] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5092] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5092] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5092] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5090] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... ioctl resumed>) = 0 [pid 5091] close(3 [pid 5090] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... close resumed>) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5092] <... write resumed>) = 262144 [pid 5092] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5091] ioctl(5, LOOP_CLR_FD) = 0 [pid 5091] close(5) = 0 [pid 5091] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] exit_group(0) = ? [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x5555566436a0, 24) = 0 [pid 5093] chdir("./16") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5093] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5093] <... clone3 resumed> => {parent_tid=[5094]}, 88) = 5094 [pid 5094] <... rseq resumed>) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] memfd_create("syzkaller", 0 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... memfd_create resumed>) = 3 [pid 5093] <... futex resumed>) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5093] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5094] <... mmap resumed>) = 0x7f6a608fb000 [pid 5093] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 56.406472][ T5091] loop0: detected capacity change from 0 to 512 [ 56.426670][ T5091] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5095 attached [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5093] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5094] <... write resumed>) = 262144 [pid 5095] <... rseq resumed>) = 0 [pid 5094] munmap(0x7f6a608fb000, 262144 [pid 5095] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5094] <... munmap resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5094] <... openat resumed>) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3 [pid 5095] <... open resumed>) = 5 [pid 5095] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... ioctl resumed>) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file1", 0777 [pid 5095] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... mkdir resumed>) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] fallocate(-1, 0, 35143, 7 [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5095] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5095] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5095] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 0 [pid 5095] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5095] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5095] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5095] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... open resumed>) = 3 [pid 5095] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5095] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5095] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5093] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... write resumed>) = 262144 [pid 5095] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5094] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x555556643690) = 5096 [ 56.507549][ T5094] loop0: detected capacity change from 0 to 512 [ 56.536078][ T5094] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5096] set_robust_list(0x5555566436a0, 24) = 0 [pid 5096] chdir("./17") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5096] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5097 attached => {parent_tid=[5097]}, 88) = 5097 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5096] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5097] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5096] <... mprotect resumed>) = 0 [pid 5097] <... rseq resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5098 attached [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5098] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... rseq resumed>) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5097] memfd_create("syzkaller", 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... set_robust_list resumed>) = 0 [pid 5097] <... memfd_create resumed>) = 3 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... mmap resumed>) = 0x7f6a608fb000 [pid 5098] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5098] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5098] fallocate(-1, 0, 35143, 7 [pid 5096] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5098] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5097] <... write resumed>) = 262144 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] munmap(0x7f6a608fb000, 262144 [pid 5098] <... mount resumed>) = 0 [pid 5098] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5098] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] <... munmap resumed>) = 0 [pid 5096] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5098] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5096] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5097] <... openat resumed>) = 6 [pid 5098] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] ioctl(6, LOOP_SET_FD, 3 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... ioctl resumed>) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file1", 0777) = 0 [ 56.633706][ T5097] loop0: detected capacity change from 0 to 512 [ 56.666095][ T5097] EXT4-fs (loop0): 1 orphan inode deleted [pid 5097] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file1") = 0 [pid 5097] ioctl(6, LOOP_CLR_FD) = 0 [pid 5097] close(6) = 0 [pid 5097] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5096] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 56.671962][ T5097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.684891][ T5097] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/17/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x5555566436a0, 24) = 0 [pid 5101] chdir("./18") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5101] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5102 attached => {parent_tid=[5102]}, 88) = 5102 [pid 5102] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5102] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5101] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... futex resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] memfd_create("syzkaller", 0 [pid 5101] <... futex resumed>) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5102] <... memfd_create resumed>) = 3 [ 56.739535][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5101] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5102] <... mmap resumed>) = 0x7f6a608fb000 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5103 attached => {parent_tid=[5103]}, 88) = 5103 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] <... rseq resumed>) = 0 [pid 5101] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5103] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5103] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... write resumed>) = 262144 [pid 5102] munmap(0x7f6a608fb000, 262144 [pid 5103] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5102] <... munmap resumed>) = 0 [pid 5103] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5103] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] <... openat resumed>) = 5 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] ioctl(5, LOOP_SET_FD, 3 [pid 5103] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5103] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5102] <... ioctl resumed>) = 0 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] close(3 [pid 5103] <... open resumed>) = 3 [pid 5102] <... close resumed>) = 0 [pid 5102] mkdir("./file1", 0777 [pid 5103] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... mkdir resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5102] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5101] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5103] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5101] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... write resumed>) = 262144 [pid 5103] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5102] ioctl(5, LOOP_CLR_FD) = 0 [pid 5102] close(5) = 0 [pid 5102] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.810928][ T5102] loop0: detected capacity change from 0 to 512 [ 56.823906][ T5104] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 56.836027][ T5102] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 56.850518][ T5102] EXT4-fs (loop0): get root inode failed [ 56.856233][ T5102] EXT4-fs (loop0): mount failed newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555556643690) = 5106 [pid 5106] set_robust_list(0x5555566436a0, 24) = 0 [pid 5106] chdir("./19") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5106] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5107]}, 88) = 5107 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5107] <... rseq resumed>) = 0 [pid 5107] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5106] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] <... mprotect resumed>) = 0 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] memfd_create("syzkaller", 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5107] <... memfd_create resumed>) = 3 [pid 5106] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5108 attached [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5108] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5106] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... rseq resumed>) = 0 [pid 5107] <... mmap resumed>) = 0x7f6a608fb000 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... futex resumed>) = 0 [pid 5108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... open resumed>) = 4 [pid 5108] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5108] fallocate(-1, 0, 35143, 7 [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5108] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5108] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... open resumed>) = 5 [pid 5108] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... write resumed>) = 262144 [pid 5106] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5106] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] munmap(0x7f6a608fb000, 262144 [pid 5108] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5106] <... futex resumed>) = 0 [pid 5108] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5106] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... munmap resumed>) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5108] <... futex resumed>) = 0 [pid 5107] <... openat resumed>) = 6 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file1", 0777) = 0 [ 56.947144][ T5107] loop0: detected capacity change from 0 to 512 [ 56.976908][ T5107] EXT4-fs (loop0): 1 orphan inode deleted [ 56.982916][ T5107] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5107] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./file1") = 0 [pid 5107] ioctl(6, LOOP_CLR_FD) = 0 [pid 5107] close(6) = 0 [pid 5107] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] exit_group(0 [pid 5107] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = ? [pid 5107] <... futex resumed>) = ? [pid 5106] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x555556643690) = 5111 [pid 5111] set_robust_list(0x5555566436a0, 24) = 0 [pid 5111] chdir("./20") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 56.995969][ T5107] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.034529][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5111] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5112] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5111] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5112] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5111] <... mprotect resumed>) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5112] <... set_robust_list resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5112] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5113 attached [pid 5113] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5111] <... clone3 resumed> => {parent_tid=[5113]}, 88) = 5113 [pid 5113] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... set_robust_list resumed>) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5112] <... memfd_create resumed>) = 3 [pid 5111] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... open resumed>) = 4 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5111] <... futex resumed>) = 0 [pid 5113] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... mmap resumed>) = 0x7f6a608fb000 [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... futex resumed>) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5113] fallocate(-1, 0, 35143, 7 [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5113] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5113] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5113] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5113] <... mount resumed>) = 0 [pid 5113] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5113] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5111] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5111] <... futex resumed>) = 0 [pid 5113] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5111] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... write resumed>) = 262144 [pid 5112] munmap(0x7f6a608fb000, 262144) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5112] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [ 57.106631][ T5112] loop0: detected capacity change from 0 to 512 [ 57.136214][ T5112] EXT4-fs (loop0): 1 orphan inode deleted [ 57.142074][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5112] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file1") = 0 [pid 5112] ioctl(6, LOOP_CLR_FD) = 0 [pid 5112] close(6) = 0 [pid 5112] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] exit_group(0) = ? [pid 5113] <... futex resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 57.154744][ T5112] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/20/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x5555566436a0, 24) = 0 [pid 5116] chdir("./21") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5116] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [ 57.203070][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5117 attached [pid 5117] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5116] <... clone3 resumed> => {parent_tid=[5117]}, 88) = 5117 [pid 5117] <... rseq resumed>) = 0 [pid 5117] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... mmap resumed>) = 0x7f6a6091c000 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5116] <... mmap resumed>) = 0x7f6a608fb000 [pid 5116] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5117] <... write resumed>) = 262144 [pid 5118] <... rseq resumed>) = 0 [pid 5116] <... clone3 resumed> => {parent_tid=[5118]}, 88) = 5118 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5118] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] munmap(0x7f6a6091c000, 262144) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5118] <... open resumed>) = 4 [pid 5117] <... openat resumed>) = 5 [pid 5117] ioctl(5, LOOP_SET_FD, 3 [pid 5118] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5117] <... ioctl resumed>) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file1", 0777 [pid 5116] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... mkdir resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5117] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5118] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5118] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5118] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5118] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5116] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... write resumed>) = 262144 [pid 5118] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5117] ioctl(5, LOOP_CLR_FD) = 0 [pid 5117] close(5) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] exit_group(0) = ? [pid 5118] <... futex resumed>) = ? [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 57.277198][ T5117] loop0: detected capacity change from 0 to 512 [ 57.295862][ T5117] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555566436a0, 24) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5119 [pid 5119] chdir("./22") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5119] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5119] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5120] <... rseq resumed>) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... futex resumed>) = 0 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5120] <... memfd_create resumed>) = 3 [pid 5119] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5119] <... mprotect resumed>) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5121]}, 88) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5120] <... write resumed>) = 262144 [pid 5120] munmap(0x7f6a608fb000, 262144 [pid 5121] <... rseq resumed>) = 0 [pid 5121] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] <... munmap resumed>) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5121] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5120] <... openat resumed>) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3 [pid 5121] <... open resumed>) = 5 [pid 5121] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... ioctl resumed>) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file1", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5121] <... futex resumed>) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5121] fallocate(-1, 0, 35143, 7 [pid 5119] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5119] <... futex resumed>) = 0 [pid 5121] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5121] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... mount resumed>) = 0 [pid 5121] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5119] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5119] <... futex resumed>) = 0 [pid 5121] <... open resumed>) = 3 [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5119] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... write resumed>) = 262144 [pid 5121] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [ 57.395941][ T5120] loop0: detected capacity change from 0 to 512 [ 57.413708][ T5122] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 57.421498][ T5120] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 57.439269][ T5120] EXT4-fs (loop0): get root inode failed [pid 5120] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 57.445188][ T5120] EXT4-fs (loop0): mount failed rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555566436a0, 24) = 0 [pid 5124] chdir("./23") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5124] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5125 attached => {parent_tid=[5125]}, 88) = 5125 [pid 5125] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] <... rseq resumed>) = 0 [pid 5125] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] <... set_robust_list resumed>) = 0 [pid 5124] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5125] memfd_create("syzkaller", 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5124] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5125] <... memfd_create resumed>) = 3 [pid 5124] <... mprotect resumed>) = 0 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5124] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5124] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5126 attached => {parent_tid=[5126]}, 88) = 5126 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5124] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5125] <... write resumed>) = 262144 [pid 5126] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5125] munmap(0x7f6a608fb000, 262144 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5125] <... munmap resumed>) = 0 [pid 5126] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5126] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5126] fallocate(-1, 0, 35143, 7 [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5126] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5126] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... openat resumed>) = 5 [pid 5124] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] ioctl(5, LOOP_SET_FD, 3 [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5126] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... ioctl resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5126] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] close(3 [pid 5124] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... close resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5126] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5125] mkdir("./file1", 0777 [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 3 [pid 5126] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... mkdir resumed>) = 0 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5126] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5124] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5126] <... write resumed>) = 262144 [pid 5126] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5126] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5125] ioctl(5, LOOP_CLR_FD) = 0 [pid 5125] close(5) = 0 [pid 5125] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... futex resumed>) = ? [pid 5124] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 57.529386][ T5125] loop0: detected capacity change from 0 to 512 [ 57.563472][ T5125] EXT4-fs (loop0): VFS: Can't find ext4 filesystem newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x555556643690) = 5127 [pid 5127] set_robust_list(0x5555566436a0, 24) = 0 [pid 5127] chdir("./24") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5127] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5128]}, 88) = 5128 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5127] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5127] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5129] <... rseq resumed>) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] <... set_robust_list resumed>) = 0 [pid 5127] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5128 attached [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... futex resumed>) = 0 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5128] <... rseq resumed>) = 0 [pid 5129] <... open resumed>) = 3 [pid 5128] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5129] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... set_robust_list resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5128] memfd_create("syzkaller", 0 [pid 5127] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] fallocate(-1, 0, 35143, 7 [pid 5127] <... futex resumed>) = 0 [pid 5128] <... memfd_create resumed>) = 4 [pid 5129] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... mmap resumed>) = 0x7f6a608fb000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] <... futex resumed>) = 0 [pid 5127] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5127] <... futex resumed>) = 0 [pid 5129] <... mount resumed>) = 0 [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5129] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5127] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5127] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5127] <... futex resumed>) = 0 [pid 5129] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5127] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... write resumed>) = 262144 [pid 5128] munmap(0x7f6a608fb000, 262144) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5128] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5128] close(4) = 0 [pid 5128] mkdir("./file1", 0777) = 0 [ 57.664823][ T5128] loop0: detected capacity change from 0 to 512 [ 57.686158][ T5128] EXT4-fs (loop0): 1 orphan inode deleted [ 57.692113][ T5128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5128] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5128] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5128] chdir("./file1") = 0 [pid 5128] ioctl(6, LOOP_CLR_FD) = 0 [pid 5128] close(6) = 0 [pid 5128] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5127] <... exit_group resumed>) = ? [pid 5129] <... futex resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 57.704680][ T5128] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/24/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x5555566436a0, 24) = 0 [pid 5132] chdir("./25") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5132] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5133]}, 88) = 5133 ./strace-static-x86_64: Process 5133 attached [ 57.747524][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5132] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... rseq resumed>) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] memfd_create("syzkaller", 0 [pid 5132] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5133] <... memfd_create resumed>) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5132] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7f6a608fb000, 262144 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5133] <... munmap resumed>) = 0 [pid 5132] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5134 attached ) = 4 [pid 5134] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5132] <... clone3 resumed> => {parent_tid=[5134]}, 88) = 5134 [pid 5134] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5133] ioctl(4, LOOP_SET_FD, 3 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... set_robust_list resumed>) = 0 [pid 5133] <... ioctl resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] close(3 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] <... close resumed>) = 0 [pid 5134] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5133] mkdir("./file1", 0777 [pid 5134] <... open resumed>) = 3 [pid 5133] <... mkdir resumed>) = 0 [pid 5134] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5134] <... futex resumed>) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5134] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... mount resumed>) = 0 [pid 5134] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... open resumed>) = 5 [pid 5134] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5134] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 57.820336][ T5133] loop0: detected capacity change from 0 to 512 [ 57.852824][ T5135] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [pid 5132] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... write resumed>) = 262144 [pid 5134] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] exit_group(0 [pid 5134] <... futex resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5132] <... exit_group resumed>) = ? [pid 5133] <... futex resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 [ 57.860261][ T5133] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 57.879194][ T5133] EXT4-fs (loop0): get root inode failed [ 57.885132][ T5133] EXT4-fs (loop0): mount failed umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555556643690) = 5137 [pid 5137] set_robust_list(0x5555566436a0, 24) = 0 [pid 5137] chdir("./26") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5137] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5138 attached [pid 5138] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5137] <... clone3 resumed> => {parent_tid=[5138]}, 88) = 5138 [pid 5138] <... rseq resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5138] memfd_create("syzkaller", 0 [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] <... memfd_create resumed>) = 3 [pid 5137] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5137] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5138] <... mmap resumed>) = 0x7f6a608fb000 [pid 5137] <... mprotect resumed>) = 0 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5137] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] <... rseq resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... futex resumed>) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5139] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] fallocate(-1, 0, 35143, 7 [pid 5137] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... write resumed>) = 262144 [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] munmap(0x7f6a608fb000, 262144 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5139] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... mount resumed>) = 0 [pid 5139] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... munmap resumed>) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5139] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5139] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5138] <... openat resumed>) = 6 [pid 5137] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] ioctl(6, LOOP_SET_FD, 3 [pid 5139] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5139] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... ioctl resumed>) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file1", 0777) = 0 [ 57.983162][ T5138] loop0: detected capacity change from 0 to 512 [ 58.006551][ T5138] EXT4-fs (loop0): 1 orphan inode deleted [ 58.012388][ T5138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5138] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5138] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file1") = 0 [pid 5138] ioctl(6, LOOP_CLR_FD) = 0 [pid 5138] close(6) = 0 [pid 5138] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0 [pid 5139] <... futex resumed>) = ? [pid 5138] <... futex resumed>) = ? [pid 5137] <... exit_group resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 58.024948][ T5138] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/26/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached , child_tidptr=0x555556643690) = 5142 [pid 5142] set_robust_list(0x5555566436a0, 24) = 0 [pid 5142] chdir("./27") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5142] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5143 attached [pid 5143] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5142] <... clone3 resumed> => {parent_tid=[5143]}, 88) = 5143 [pid 5143] <... rseq resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] <... set_robust_list resumed>) = 0 [pid 5142] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] <... futex resumed>) = 0 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] memfd_create("syzkaller", 0 [pid 5142] <... futex resumed>) = 0 [pid 5143] <... memfd_create resumed>) = 3 [ 58.062512][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5142] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5143] <... mmap resumed>) = 0x7f6a608fb000 [pid 5142] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5142] <... mprotect resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5144]}, 88) = 5144 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5144] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5144] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... write resumed>) = 262144 [pid 5142] <... futex resumed>) = 0 [pid 5143] munmap(0x7f6a608fb000, 262144 [pid 5142] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] fallocate(-1, 0, 35143, 7 [pid 5142] <... futex resumed>) = 0 [pid 5144] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... munmap resumed>) = 0 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5142] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... openat resumed>) = 5 [pid 5142] <... futex resumed>) = 0 [pid 5144] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5143] ioctl(5, LOOP_SET_FD, 3 [pid 5144] <... mount resumed>) = 0 [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5144] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5142] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5143] <... ioctl resumed>) = 0 [pid 5142] <... futex resumed>) = 0 [pid 5143] close(3 [pid 5142] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... close resumed>) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5144] <... write resumed>) = 262144 [pid 5144] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5144] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5143] ioctl(5, LOOP_CLR_FD) = 0 [pid 5143] close(5) = 0 [pid 5143] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] exit_group(0) = ? [pid 5143] <... futex resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 58.135239][ T5143] loop0: detected capacity change from 0 to 512 [ 58.154033][ T5143] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x555556643690) = 5145 [pid 5145] set_robust_list(0x5555566436a0, 24) = 0 [pid 5145] chdir("./28") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5145] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5146 attached => {parent_tid=[5146]}, 88) = 5146 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5145] <... futex resumed>) = 0 [pid 5146] <... rseq resumed>) = 0 [pid 5146] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... set_robust_list resumed>) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5146] memfd_create("syzkaller", 0 [pid 5145] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5146] <... memfd_create resumed>) = 3 [pid 5145] <... mprotect resumed>) = 0 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5146] <... mmap resumed>) = 0x7f6a608fb000 [pid 5145] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5145] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] <... rseq resumed>) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5147] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5145] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] <... futex resumed>) = 0 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 4 [pid 5146] <... write resumed>) = 262144 [pid 5146] munmap(0x7f6a608fb000, 262144 [pid 5147] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... munmap resumed>) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5146] ioctl(5, LOOP_SET_FD, 3 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5147] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5147] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5147] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... ioctl resumed>) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] close(3 [pid 5145] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5146] <... close resumed>) = 0 [pid 5146] mkdir("./file1", 0777) = 0 [pid 5146] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5147] <... write resumed>) = 262144 [pid 5147] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5147] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5146] ioctl(5, LOOP_CLR_FD) = 0 [pid 5146] close(5) = 0 [pid 5146] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5146] <... futex resumed>) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 [ 58.252447][ T5146] loop0: detected capacity change from 0 to 512 [ 58.270883][ T5146] EXT4-fs (loop0): VFS: Can't find ext4 filesystem getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x5555566436a0, 24) = 0 [pid 5148] chdir("./29") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5148] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5148] <... clone3 resumed> => {parent_tid=[5149]}, 88) = 5149 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5149] <... rseq resumed>) = 0 [pid 5149] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5148] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5149] <... mmap resumed>) = 0x7f6a608fb000 [pid 5148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5150]}, 88) = 5150 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5150 attached [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5148] <... futex resumed>) = 0 [pid 5150] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... rseq resumed>) = 0 [pid 5150] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5149] <... write resumed>) = 262144 [pid 5150] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] munmap(0x7f6a608fb000, 262144 [pid 5150] <... futex resumed>) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5150] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... munmap resumed>) = 0 [pid 5148] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] <... futex resumed>) = 0 [pid 5150] fallocate(-1, 0, 35143, 7 [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5148] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5149] <... openat resumed>) = 5 [pid 5148] <... futex resumed>) = 0 [pid 5150] <... mount resumed>) = 0 [pid 5149] ioctl(5, LOOP_SET_FD, 3 [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5150] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... open resumed>) = 6 [pid 5150] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5150] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5148] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... ioctl resumed>) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5150] <... write resumed>) = 262144 [pid 5150] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5150] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5149] ioctl(5, LOOP_CLR_FD) = 0 [pid 5149] close(5) = 0 [pid 5149] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] exit_group(0 [pid 5149] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5148] <... exit_group resumed>) = ? [pid 5150] <... futex resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 [ 58.368306][ T5149] loop0: detected capacity change from 0 to 512 [ 58.384451][ T5149] EXT4-fs (loop0): VFS: Can't find ext4 filesystem openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x555556643690) = 5151 [pid 5151] set_robust_list(0x5555566436a0, 24) = 0 [pid 5151] chdir("./30") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5151] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5152 attached [pid 5152] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5151] <... clone3 resumed> => {parent_tid=[5152]}, 88) = 5152 [pid 5152] <... rseq resumed>) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] memfd_create("syzkaller", 0 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] <... memfd_create resumed>) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5152] <... mmap resumed>) = 0x7f6a6091c000 [pid 5151] <... mmap resumed>) = 0x7f6a608fb000 [pid 5151] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} => {parent_tid=[5153]}, 88) = 5153 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5153 attached [pid 5152] <... write resumed>) = 262144 [pid 5153] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053) = 0 [pid 5152] munmap(0x7f6a6091c000, 262144 [pid 5153] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5152] <... munmap resumed>) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5152] <... openat resumed>) = 4 [pid 5153] <... open resumed>) = 5 [pid 5152] ioctl(4, LOOP_SET_FD, 3 [pid 5153] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5153] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] fallocate(-1, 0, 35143, 7 [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5153] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5151] <... futex resumed>) = 0 [pid 5153] <... mount resumed>) = 0 [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... ioctl resumed>) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./file1", 0777 [pid 5153] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5152] <... mkdir resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5153] <... open resumed>) = 3 [pid 5152] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5153] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5153] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] exit_group(0) = ? [pid 5152] <... futex resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x555556643690) = 5154 [pid 5154] set_robust_list(0x5555566436a0, 24) = 0 [pid 5154] chdir("./31") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [ 58.473192][ T5152] loop0: detected capacity change from 0 to 512 [ 58.502039][ T5152] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5154] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5154] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5155] <... rseq resumed>) = 0 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5155] <... memfd_create resumed>) = 3 [pid 5154] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5154] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5154] <... mprotect resumed>) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5156 attached [pid 5156] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5154] <... clone3 resumed> => {parent_tid=[5156]}, 88) = 5156 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5156] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5154] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... set_robust_list resumed>) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5155] <... write resumed>) = 262144 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5155] munmap(0x7f6a608fb000, 262144 [pid 5156] <... open resumed>) = 4 [pid 5155] <... munmap resumed>) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5155] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5156] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5156] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5156] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... mount resumed>) = 0 [pid 5156] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5156] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... open resumed>) = 3 [pid 5156] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... write resumed>) = 262144 [pid 5156] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5156] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5155] ioctl(5, LOOP_CLR_FD) = 0 [pid 5155] close(5) = 0 [pid 5155] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5155] <... futex resumed>) = ? [pid 5154] <... exit_group resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 58.573648][ T5155] loop0: detected capacity change from 0 to 512 [ 58.597548][ T5155] EXT4-fs (loop0): VFS: Can't find ext4 filesystem rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x555556643690) = 5157 [pid 5157] set_robust_list(0x5555566436a0, 24) = 0 [pid 5157] chdir("./32") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5157] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5158 attached => {parent_tid=[5158]}, 88) = 5158 [pid 5158] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... rseq resumed>) = 0 [pid 5158] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] <... set_robust_list resumed>) = 0 [pid 5157] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] <... futex resumed>) = 0 [pid 5158] memfd_create("syzkaller", 0 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5158] <... memfd_create resumed>) = 3 [pid 5157] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5157] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] <... mmap resumed>) = 0x7f6a608fb000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5159 attached => {parent_tid=[5159]}, 88) = 5159 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5159] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5157] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5158] <... write resumed>) = 262144 [pid 5157] <... futex resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5158] munmap(0x7f6a608fb000, 262144) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5159] <... open resumed>) = 4 [pid 5158] <... openat resumed>) = 5 [pid 5158] ioctl(5, LOOP_SET_FD, 3 [pid 5159] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5158] <... ioctl resumed>) = 0 [pid 5157] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] close(3 [pid 5159] <... futex resumed>) = 0 [pid 5158] <... close resumed>) = 0 [pid 5157] <... futex resumed>) = 1 [pid 5159] fallocate(-1, 0, 35143, 7 [pid 5158] mkdir("./file1", 0777 [pid 5159] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5158] <... mkdir resumed>) = 0 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] <... futex resumed>) = 0 [pid 5157] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mount resumed>) = 0 [pid 5159] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = 1 [pid 5159] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5159] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5158] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5158] ioctl(5, LOOP_CLR_FD) = 0 [pid 5158] close(5) = 0 [pid 5158] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] <... futex resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x555556643690) = 5160 [pid 5160] set_robust_list(0x5555566436a0, 24) = 0 [ 58.692339][ T5158] loop0: detected capacity change from 0 to 512 [ 58.713132][ T5158] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5160] chdir("./33") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5160] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5161 attached [pid 5161] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5160] <... clone3 resumed> => {parent_tid=[5161]}, 88) = 5161 [pid 5161] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] memfd_create("syzkaller", 0 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] <... memfd_create resumed>) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5161] <... mmap resumed>) = 0x7f6a6091c000 [pid 5160] <... mmap resumed>) = 0x7f6a608fb000 [pid 5160] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} => {parent_tid=[5162]}, 88) = 5162 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5162 attached [pid 5160] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... rseq resumed>) = 0 [pid 5162] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5161] <... write resumed>) = 262144 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] munmap(0x7f6a6091c000, 262144 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5162] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5161] <... munmap resumed>) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5161] ioctl(5, LOOP_SET_FD, 3 [pid 5162] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 1 [pid 5162] fallocate(-1, 0, 35143, 7 [pid 5160] <... futex resumed>) = 0 [pid 5162] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5160] <... futex resumed>) = 0 [pid 5162] <... mount resumed>) = 0 [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... ioctl resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5161] close(3 [pid 5160] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5161] <... close resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5162] <... open resumed>) = 3 [pid 5161] mkdir("./file1", 0777 [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... mkdir resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5161] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5160] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5162] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5160] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... write resumed>) = 262144 [pid 5162] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5162] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5161] ioctl(5, LOOP_CLR_FD) = 0 [pid 5161] close(5) = 0 [pid 5161] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5161] <... futex resumed>) = ? [pid 5160] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 58.803542][ T5161] loop0: detected capacity change from 0 to 512 [ 58.835428][ T5161] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 58.845328][ T5161] EXT4-fs (loop0): group descriptors corrupted! newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x555556643690) = 5163 [pid 5163] set_robust_list(0x5555566436a0, 24) = 0 [pid 5163] chdir("./34") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5163] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5164]}, 88) = 5164 [pid 5164] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] <... set_robust_list resumed>) = 0 [pid 5163] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... futex resumed>) = 0 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] memfd_create("syzkaller", 0 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... memfd_create resumed>) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5164] <... mmap resumed>) = 0x7f6a6091c000 [pid 5163] <... mmap resumed>) = 0x7f6a608fb000 [pid 5163] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5163] <... mprotect resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5165 attached => {parent_tid=[5165]}, 88) = 5165 [pid 5165] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] <... rseq resumed>) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] set_robust_list(0x7f6a6091b9a0, 24 [pid 5163] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... futex resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5165] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... write resumed>) = 262144 [pid 5165] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] munmap(0x7f6a6091c000, 262144 [pid 5163] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5164] <... munmap resumed>) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] <... openat resumed>) = 5 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5165] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] ioctl(5, LOOP_SET_FD, 3 [pid 5163] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5163] <... futex resumed>) = 0 [pid 5165] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5165] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... ioctl resumed>) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file1", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file1") = 0 [pid 5164] ioctl(5, LOOP_CLR_FD) = 0 [pid 5164] close(5) = 0 [pid 5164] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5163] <... exit_group resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 58.958762][ T5164] loop0: detected capacity change from 0 to 512 [ 58.976345][ T5164] EXT4-fs (loop0): 1 orphan inode deleted [ 58.982367][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.995477][ T5164] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/34/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x555556643690) = 5169 [pid 5169] set_robust_list(0x5555566436a0, 24) = 0 [pid 5169] chdir("./35") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5169] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5170 attached => {parent_tid=[5170]}, 88) = 5170 [pid 5170] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... rseq resumed>) = 0 [pid 5170] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] <... set_robust_list resumed>) = 0 [pid 5169] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] <... futex resumed>) = 0 [pid 5170] memfd_create("syzkaller", 0 [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5170] <... memfd_create resumed>) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5169] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5170] <... mmap resumed>) = 0x7f6a608fb000 [pid 5169] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 59.037420][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5171]}, 88) = 5171 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5171] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5170] <... write resumed>) = 262144 [pid 5170] munmap(0x7f6a608fb000, 262144) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5170] ioctl(5, LOOP_SET_FD, 3 [pid 5171] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... ioctl resumed>) = 0 [pid 5171] fallocate(-1, 0, 35143, 7 [pid 5170] close(3 [pid 5171] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5170] <... close resumed>) = 0 [pid 5171] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] mkdir("./file1", 0777 [pid 5171] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5171] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... mkdir resumed>) = 0 [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5171] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5171] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5171] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5169] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.106347][ T5170] loop0: detected capacity change from 0 to 512 [ 59.133440][ T5172] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [pid 5169] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... write resumed>) = 262144 [pid 5171] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5170] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5170] ioctl(5, LOOP_CLR_FD) = 0 [pid 5170] close(5) = 0 [pid 5170] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 59.133539][ T5170] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 59.147890][ T5170] EXT4-fs (loop0): get root inode failed [ 59.168279][ T5170] EXT4-fs (loop0): mount failed unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x5555566436a0, 24) = 0 [pid 5174] chdir("./36") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5174] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5174] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... set_robust_list resumed>) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5175] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] memfd_create("syzkaller", 0 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... memfd_create resumed>) = 3 [pid 5174] <... futex resumed>) = 0 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5175] <... mmap resumed>) = 0x7f6a608fb000 [pid 5174] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5174] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5174] <... clone3 resumed> => {parent_tid=[5176]}, 88) = 5176 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5174] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5176 attached [pid 5175] <... write resumed>) = 262144 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5175] munmap(0x7f6a608fb000, 262144 [pid 5176] <... rseq resumed>) = 0 [pid 5176] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5175] <... munmap resumed>) = 0 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5175] ioctl(5, LOOP_SET_FD, 3 [pid 5176] <... open resumed>) = 4 [pid 5176] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5176] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] <... futex resumed>) = 0 [pid 5176] fallocate(-1, 0, 35143, 7 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5174] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5174] <... futex resumed>) = 0 [pid 5176] <... mount resumed>) = 0 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5176] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5174] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... ioctl resumed>) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file1", 0777) = 0 [ 59.265443][ T5175] loop0: detected capacity change from 0 to 512 [ 59.271867][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 59.271878][ T28] audit: type=1800 audit(1694896893.175:38): pid=5176 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.274711][ T5176] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5175] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5176] <... write resumed>) = -1 EIO (Input/output error) [pid 5176] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5176] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5175] ioctl(5, LOOP_CLR_FD) = 0 [pid 5175] close(5) = 0 [pid 5175] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] exit_group(0 [pid 5175] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = ? [pid 5174] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached , child_tidptr=0x555556643690) = 5177 [ 59.308361][ T5176] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 59.320526][ T5175] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5177] set_robust_list(0x5555566436a0, 24) = 0 [pid 5177] chdir("./37") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5177] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5178 attached => {parent_tid=[5178]}, 88) = 5178 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5177] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... futex resumed>) = 0 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5177] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5177] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5178] <... memfd_create resumed>) = 3 [pid 5177] <... mprotect resumed>) = 0 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5179 attached => {parent_tid=[5179]}, 88) = 5179 [pid 5179] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5177] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... futex resumed>) = 0 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5178] <... write resumed>) = 262144 [pid 5179] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5177] <... futex resumed>) = 1 [pid 5179] fallocate(-1, 0, 35143, 7 [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5179] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5179] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5177] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... mount resumed>) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5179] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... futex resumed>) = 0 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5179] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 5 [pid 5179] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] munmap(0x7f6a608fb000, 262144) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5178] ioctl(6, LOOP_SET_FD, 3 [pid 5179] <... futex resumed>) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5179] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5179] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5177] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... ioctl resumed>) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file1", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5179] <... write resumed>) = 262144 [pid 5179] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5179] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5178] ioctl(6, LOOP_CLR_FD) = 0 [pid 5178] close(6) = 0 [pid 5178] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0 [pid 5179] <... futex resumed>) = ? [pid 5178] <... futex resumed>) = ? [pid 5177] <... exit_group resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 [ 59.408470][ T28] audit: type=1800 audit(1694896893.305:39): pid=5179 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.419927][ T5178] loop0: detected capacity change from 0 to 512 [ 59.446869][ T5178] EXT4-fs (loop0): VFS: Can't find ext4 filesystem getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x5555566436a0, 24) = 0 [pid 5180] chdir("./38") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5180] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5181]}, 88) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5181] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5181] memfd_create("syzkaller", 0 [pid 5180] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5181] <... memfd_create resumed>) = 3 [pid 5180] <... mprotect resumed>) = 0 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5181] <... mmap resumed>) = 0x7f6a608fb000 [pid 5180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5182 attached => {parent_tid=[5182]}, 88) = 5182 [pid 5182] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] <... rseq resumed>) = 0 [pid 5182] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5180] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] <... futex resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5182] <... open resumed>) = 4 [pid 5182] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... write resumed>) = 262144 [pid 5182] <... futex resumed>) = 1 [pid 5182] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] munmap(0x7f6a608fb000, 262144) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5181] ioctl(5, LOOP_SET_FD, 3 [pid 5180] <... futex resumed>) = 0 [pid 5181] <... ioctl resumed>) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file1", 0777 [pid 5180] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5182] fallocate(-1, 0, 35143, 7 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5182] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5182] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5180] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... mkdir resumed>) = 0 [pid 5182] <... mount resumed>) = 0 [pid 5182] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5182] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5180] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... open resumed>) = 3 [pid 5181] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5182] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5181] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5181] ioctl(5, LOOP_CLR_FD) = 0 [pid 5181] close(5) = 0 [pid 5181] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... write resumed>) = 262144 [pid 5182] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5180] exit_group(0 [pid 5182] exit_group(0 [pid 5181] <... futex resumed>) = ? [pid 5180] <... exit_group resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 59.525489][ T28] audit: type=1800 audit(1694896893.435:40): pid=5182 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.538356][ T5181] loop0: detected capacity change from 0 to 512 [ 59.563368][ T5181] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x555556643690) = 5183 [pid 5183] set_robust_list(0x5555566436a0, 24) = 0 [pid 5183] chdir("./39") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5183] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5183] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5184] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5183] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5183] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5184] <... mmap resumed>) = 0x7f6a608fb000 [pid 5183] <... mprotect resumed>) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5185]}, 88) = 5185 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5183] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [pid 5185] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5185] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5185] <... set_robust_list resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5185] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] fallocate(-1, 0, 35143, 7 [pid 5184] <... write resumed>) = 262144 [pid 5184] munmap(0x7f6a608fb000, 262144) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5184] ioctl(5, LOOP_SET_FD, 3 [pid 5185] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5185] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5185] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5185] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... mount resumed>) = 0 [pid 5184] <... ioctl resumed>) = 0 [pid 5184] close(3) = 0 [pid 5185] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] mkdir("./file1", 0777 [pid 5185] <... futex resumed>) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5185] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5183] <... futex resumed>) = 0 [pid 5185] <... open resumed>) = 3 [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5185] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5185] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5183] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... mkdir resumed>) = 0 [pid 5184] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5185] <... write resumed>) = 262144 [pid 5185] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5185] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5184] ioctl(5, LOOP_CLR_FD) = 0 [pid 5184] close(5) = 0 [pid 5184] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5184] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 59.661016][ T28] audit: type=1800 audit(1694896893.565:41): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.675892][ T5184] loop0: detected capacity change from 0 to 512 [ 59.703199][ T5184] EXT4-fs (loop0): VFS: Can't find ext4 filesystem rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x5555566436a0, 24) = 0 [pid 5186] chdir("./40" [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5186 [pid 5186] <... chdir resumed>) = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5186] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5186] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rseq resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5186] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5186] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5187] memfd_create("syzkaller", 0 [pid 5186] <... mprotect resumed>) = 0 [pid 5187] <... memfd_create resumed>) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5187] <... mmap resumed>) = 0x7f6a608fb000 [pid 5186] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5188 attached [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5188] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5186] <... clone3 resumed> => {parent_tid=[5188]}, 88) = 5188 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] <... rseq resumed>) = 0 [pid 5187] <... write resumed>) = 262144 [pid 5188] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5187] munmap(0x7f6a608fb000, 262144 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5187] <... munmap resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5187] ioctl(5, LOOP_SET_FD, 3 [pid 5188] <... open resumed>) = 4 [pid 5187] <... ioctl resumed>) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5188] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5188] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5188] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... mount resumed>) = 0 [pid 5188] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5186] <... futex resumed>) = 0 [pid 5188] <... open resumed>) = 3 [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... write resumed>) = 262144 [pid 5188] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5186] <... futex resumed>) = 0 [pid 5188] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] ioctl(5, LOOP_CLR_FD) = 0 [pid 5187] close(5) = 0 [pid 5187] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] exit_group(0 [pid 5187] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... exit_group resumed>) = ? [pid 5187] <... futex resumed>) = ? [pid 5188] <... futex resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 59.794389][ T5187] loop0: detected capacity change from 0 to 512 [ 59.795394][ T28] audit: type=1800 audit(1694896893.705:42): pid=5188 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.834807][ T5187] EXT4-fs (loop0): Magic mismatch, very weird! rmdir("./40/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x555556643690) = 5189 [pid 5189] set_robust_list(0x5555566436a0, 24) = 0 [pid 5189] chdir("./41") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5189] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5190 attached => {parent_tid=[5190]}, 88) = 5190 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5190] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] <... futex resumed>) = 0 [pid 5190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] memfd_create("syzkaller", 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5190] <... memfd_create resumed>) = 3 [pid 5189] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5190] <... mmap resumed>) = 0x7f6a608fb000 [pid 5189] <... mprotect resumed>) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5191 attached [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5191] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5189] <... clone3 resumed> => {parent_tid=[5191]}, 88) = 5191 [pid 5191] <... rseq resumed>) = 0 [pid 5190] <... write resumed>) = 262144 [pid 5191] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5190] munmap(0x7f6a608fb000, 262144 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5190] <... munmap resumed>) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... openat resumed>) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... futex resumed>) = 0 [pid 5191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5191] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] fallocate(-1, 0, 35143, 7 [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5191] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5191] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5191] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... open resumed>) = 6 [pid 5191] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5189] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... ioctl resumed>) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file1", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5191] <... write resumed>) = -1 EIO (Input/output error) [pid 5191] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [ 59.922958][ T5190] loop0: detected capacity change from 0 to 512 [ 59.929260][ T28] audit: type=1800 audit(1694896893.835:43): pid=5191 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.944800][ T5191] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 59.959478][ T5191] Buffer I/O error on dev loop0, logical block 31, lost async page write [pid 5191] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5190] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x555556643690) = 5192 [pid 5192] set_robust_list(0x5555566436a0, 24) = 0 [pid 5192] chdir("./42") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [ 59.975853][ T5190] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5192] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5193 attached => {parent_tid=[5193]}, 88) = 5193 [pid 5193] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... rseq resumed>) = 0 [pid 5193] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5192] <... futex resumed>) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5193] <... set_robust_list resumed>) = 0 [pid 5192] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] <... mprotect resumed>) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5194 attached => {parent_tid=[5194]}, 88) = 5194 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5194] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5194] <... rseq resumed>) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5193] <... mmap resumed>) = 0x7f6a608fb000 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] <... set_robust_list resumed>) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5192] <... futex resumed>) = 1 [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5194] fallocate(-1, 0, 35143, 7 [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5194] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5194] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... mount resumed>) = 0 [pid 5194] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... futex resumed>) = 1 [pid 5194] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5194] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5194] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5192] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5194] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7f6a608fb000, 262144) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5193] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [ 60.061603][ T28] audit: type=1800 audit(1694896893.965:44): pid=5194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 60.073436][ T5193] loop0: detected capacity change from 0 to 512 [pid 5193] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file1") = 0 [pid 5193] ioctl(6, LOOP_CLR_FD) = 0 [pid 5193] close(6) = 0 [pid 5193] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5194] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 60.106973][ T5193] EXT4-fs (loop0): 1 orphan inode deleted [ 60.112834][ T5193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.125736][ T5193] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/42/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x555556643690) = 5198 [pid 5198] set_robust_list(0x5555566436a0, 24) = 0 [pid 5198] chdir("./43") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5198] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5198] <... clone3 resumed> => {parent_tid=[5199]}, 88) = 5199 [pid 5199] <... rseq resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5198] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... futex resumed>) = 0 [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] memfd_create("syzkaller", 0 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... memfd_create resumed>) = 3 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5198] <... mmap resumed>) = 0x7f6a608fb000 [pid 5198] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5200 attached => {parent_tid=[5200]}, 88) = 5200 [pid 5200] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5199] <... write resumed>) = 262144 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] <... rseq resumed>) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5198] <... futex resumed>) = 0 [ 60.178981][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5200] <... open resumed>) = 4 [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] munmap(0x7f6a6091c000, 262144 [pid 5200] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... munmap resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5199] ioctl(5, LOOP_SET_FD, 3 [pid 5198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... ioctl resumed>) = 0 [pid 5198] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] close(3 [pid 5200] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5200] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5200] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... close resumed>) = 0 [pid 5199] mkdir("./file1", 0777 [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5200] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... mount resumed>) = 0 [pid 5200] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5200] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5198] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... open resumed>) = 3 [pid 5200] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5200] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... mkdir resumed>) = 0 [pid 5198] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5200] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5199] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5198] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... write resumed>) = 262144 [pid 5200] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [ 60.238160][ T28] audit: type=1800 audit(1694896894.145:45): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 60.240479][ T5199] loop0: detected capacity change from 0 to 512 [pid 5200] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5199] ioctl(5, LOOP_CLR_FD) = 0 [pid 5199] close(5) = 0 [pid 5199] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5198] <... exit_group resumed>) = ? [pid 5200] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x555556643690) = 5201 [pid 5201] set_robust_list(0x5555566436a0, 24) = 0 [pid 5201] chdir("./44") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5201] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5202]}, 88) = 5202 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5201] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5202 attached [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 60.293331][ T5199] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5203 attached [pid 5202] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5203] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5201] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5203] <... rseq resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5201] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5203] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... rseq resumed>) = 0 [pid 5202] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] <... open resumed>) = 3 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] memfd_create("syzkaller", 0 [pid 5203] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... memfd_create resumed>) = 4 [pid 5203] <... futex resumed>) = 1 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5203] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... mmap resumed>) = 0x7f6a608fb000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5203] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5203] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5201] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5201] <... futex resumed>) = 0 [pid 5203] <... mount resumed>) = 0 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5202] <... write resumed>) = 262144 [pid 5201] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... open resumed>) = 5 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5201] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] munmap(0x7f6a608fb000, 262144) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5202] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5202] close(4) = 0 [pid 5202] mkdir("./file1", 0777) = 0 [ 60.359355][ T28] audit: type=1800 audit(1694896894.265:46): pid=5203 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 60.393992][ T5202] loop0: detected capacity change from 0 to 512 [pid 5202] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5202] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5202] chdir("./file1") = 0 [pid 5202] ioctl(6, LOOP_CLR_FD) = 0 [pid 5202] close(6) = 0 [pid 5202] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] exit_group(0 [pid 5203] <... futex resumed>) = ? [pid 5202] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 60.415641][ T5202] EXT4-fs (loop0): 1 orphan inode deleted [ 60.421556][ T5202] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.434230][ T5202] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/44/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x5555566436a0, 24) = 0 [pid 5206] chdir("./45") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5206] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5206] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 60.472809][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5207]}, 88) = 5207 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5206] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5206] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5207 attached [pid 5207] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5207] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5207] <... set_robust_list resumed>) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5206] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5207] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5208 attached ) = 3 [pid 5208] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5208] <... rseq resumed>) = 0 [pid 5207] <... mmap resumed>) = 0x7f6a608fb000 [pid 5208] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5206] <... clone3 resumed> => {parent_tid=[5208]}, 88) = 5208 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5206] <... futex resumed>) = 0 [pid 5208] <... open resumed>) = 4 [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] fallocate(-1, 0, 35143, 7 [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5208] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5206] <... futex resumed>) = 0 [pid 5208] <... mount resumed>) = 0 [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 5 [pid 5208] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5206] <... futex resumed>) = 0 [pid 5208] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5206] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... write resumed>) = 262144 [pid 5207] munmap(0x7f6a608fb000, 262144) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5207] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file1", 0777) = 0 [ 60.550000][ T28] audit: type=1800 audit(1694896894.455:47): pid=5208 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 60.566273][ T5207] loop0: detected capacity change from 0 to 512 [ 60.586070][ T5207] EXT4-fs (loop0): 1 orphan inode deleted [pid 5207] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file1") = 0 [pid 5207] ioctl(6, LOOP_CLR_FD) = 0 [pid 5207] close(6) = 0 [pid 5207] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] exit_group(0) = ? [pid 5207] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5208] <... futex resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 60.591896][ T5207] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.604534][ T5207] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/45/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x5555566436a0, 24) = 0 [pid 5211] chdir("./46") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [ 60.644208][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5211] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5212 attached => {parent_tid=[5212]}, 88) = 5212 [pid 5212] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... rseq resumed>) = 0 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5211] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... set_robust_list resumed>) = 0 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5211] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] memfd_create("syzkaller", 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5212] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5213 attached [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5211] <... clone3 resumed> => {parent_tid=[5213]}, 88) = 5213 [pid 5213] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5212] <... mmap resumed>) = 0x7f6a608fb000 [pid 5213] <... rseq resumed>) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5213] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5212] <... write resumed>) = 262144 [pid 5212] munmap(0x7f6a608fb000, 262144) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5212] ioctl(5, LOOP_SET_FD, 3 [pid 5213] <... open resumed>) = 4 [pid 5213] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5213] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5213] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5213] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5212] <... ioctl resumed>) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file1", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5213] <... write resumed>) = 262144 [pid 5213] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5213] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5212] ioctl(5, LOOP_CLR_FD) = 0 [pid 5212] close(5) = 0 [pid 5212] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 [ 60.739468][ T5212] loop0: detected capacity change from 0 to 512 [ 60.756400][ T5212] EXT4-fs (loop0): VFS: Can't find ext4 filesystem getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x555556643690) = 5214 [pid 5214] set_robust_list(0x5555566436a0, 24) = 0 [pid 5214] chdir("./47") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5214] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5215 attached => {parent_tid=[5215]}, 88) = 5215 [pid 5215] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5215] memfd_create("syzkaller", 0 [pid 5214] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5214] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5215] <... memfd_create resumed>) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5214] <... mprotect resumed>) = 0 [pid 5215] <... mmap resumed>) = 0x7f6a608fb000 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5216 attached [pid 5216] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5214] <... clone3 resumed> => {parent_tid=[5216]}, 88) = 5216 [pid 5216] <... rseq resumed>) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5214] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5216] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... open resumed>) = 4 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5216] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5216] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5216] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... mount resumed>) = 0 [pid 5215] <... write resumed>) = 262144 [pid 5216] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5214] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5215] munmap(0x7f6a608fb000, 262144 [pid 5216] <... open resumed>) = 5 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... munmap resumed>) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5216] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5216] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 1 [pid 5214] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5215] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file1", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file1") = 0 [pid 5215] ioctl(6, LOOP_CLR_FD) = 0 [pid 5215] close(6) = 0 [pid 5215] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] exit_group(0) = ? [pid 5216] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 60.845280][ T5215] loop0: detected capacity change from 0 to 512 [ 60.864803][ T5215] EXT4-fs (loop0): 1 orphan inode deleted [ 60.870535][ T5215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.883223][ T5215] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/47/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x5555566436a0, 24) = 0 [pid 5219] chdir("./48") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5219 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5219] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5220 attached => {parent_tid=[5220]}, 88) = 5220 [pid 5220] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... rseq resumed>) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5219] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... futex resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... memfd_create resumed>) = 3 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5219] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.925095][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5219] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5221 attached [pid 5221] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5219] <... clone3 resumed> => {parent_tid=[5221]}, 88) = 5221 [pid 5221] <... rseq resumed>) = 0 [pid 5221] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5221] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... write resumed>) = 262144 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] munmap(0x7f6a608fb000, 262144 [pid 5219] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... munmap resumed>) = 0 [pid 5219] <... futex resumed>) = 1 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 0 [pid 5221] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5220] <... openat resumed>) = 4 [pid 5221] <... open resumed>) = 5 [pid 5220] ioctl(4, LOOP_SET_FD, 3 [pid 5221] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5221] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5221] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5221] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5221] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... open resumed>) = 6 [pid 5220] <... ioctl resumed>) = 0 [pid 5220] close(3) = 0 [pid 5221] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] mkdir("./file1", 0777 [pid 5221] <... futex resumed>) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... mkdir resumed>) = 0 [pid 5221] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5220] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5219] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5221] <... write resumed>) = 262144 [pid 5221] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 0 [pid 5219] exit_group(0 [pid 5221] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 5219] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 60.990365][ T5220] loop0: detected capacity change from 0 to 512 [ 61.000347][ T5220] EXT4-fs (loop0): VFS: Can't find ext4 filesystem rmdir("./48/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x555556643690) = 5222 [pid 5222] set_robust_list(0x5555566436a0, 24) = 0 [pid 5222] chdir("./49") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5222] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5223]}, 88) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] <... rseq resumed>) = 0 [pid 5223] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5222] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5223] <... set_robust_list resumed>) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5224 attached [pid 5223] memfd_create("syzkaller", 0 [pid 5222] <... clone3 resumed> => {parent_tid=[5224]}, 88) = 5224 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... memfd_create resumed>) = 3 [pid 5222] <... futex resumed>) = 0 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5224] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5223] <... mmap resumed>) = 0x7f6a608fb000 [pid 5224] <... rseq resumed>) = 0 [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5224] <... open resumed>) = 4 [pid 5224] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... write resumed>) = 262144 [pid 5224] <... futex resumed>) = 1 [pid 5223] munmap(0x7f6a608fb000, 262144 [pid 5222] <... futex resumed>) = 0 [pid 5224] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... munmap resumed>) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5224] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... openat resumed>) = 5 [pid 5222] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5222] <... futex resumed>) = 0 [pid 5224] <... mount resumed>) = 0 [pid 5223] ioctl(5, LOOP_SET_FD, 3 [pid 5224] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5224] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5224] <... open resumed>) = 6 [pid 5224] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... ioctl resumed>) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5223] close(3 [pid 5222] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... close resumed>) = 0 [pid 5224] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5222] <... futex resumed>) = 1 [pid 5223] mkdir("./file1", 0777) = 0 [pid 5222] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5224] <... write resumed>) = 262144 [pid 5224] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5224] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5223] ioctl(5, LOOP_CLR_FD) = 0 [pid 5223] close(5) = 0 [pid 5223] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] exit_group(0 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = ? [pid 5223] <... futex resumed>) = ? [pid 5222] <... exit_group resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x555556643690) = 5225 [pid 5225] set_robust_list(0x5555566436a0, 24) = 0 [pid 5225] chdir("./50") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [ 61.097392][ T5223] loop0: detected capacity change from 0 to 512 [ 61.120917][ T5223] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5225] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5225] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5225] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5226] <... rseq resumed>) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5225] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] <... futex resumed>) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5225] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] memfd_create("syzkaller", 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5226] <... memfd_create resumed>) = 3 [pid 5225] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5227 attached [pid 5226] <... mmap resumed>) = 0x7f6a608fb000 [pid 5227] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5225] <... clone3 resumed> => {parent_tid=[5227]}, 88) = 5227 [pid 5227] <... rseq resumed>) = 0 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... set_robust_list resumed>) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5227] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5227] fallocate(-1, 0, 35143, 7 [pid 5225] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5227] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 0 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5226] <... write resumed>) = 262144 [pid 5226] munmap(0x7f6a608fb000, 262144 [pid 5227] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5227] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5226] <... munmap resumed>) = 0 [pid 5225] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] <... open resumed>) = 5 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5226] ioctl(6, LOOP_SET_FD, 3 [pid 5227] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5226] <... ioctl resumed>) = 0 [pid 5225] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] close(3 [pid 5225] <... futex resumed>) = 1 [pid 5227] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5226] <... close resumed>) = 0 [pid 5225] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] mkdir("./file1", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5227] <... write resumed>) = 262144 [pid 5227] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5227] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5226] ioctl(6, LOOP_CLR_FD) = 0 [pid 5226] close(6) = 0 [pid 5226] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] exit_group(0 [pid 5227] <... futex resumed>) = ? [pid 5225] <... exit_group resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5226] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.207184][ T5226] loop0: detected capacity change from 0 to 512 [ 61.224390][ T5226] EXT4-fs (loop0): VFS: Can't find ext4 filesystem newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5228 ./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x5555566436a0, 24) = 0 [pid 5228] chdir("./51") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5228] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5229]}, 88) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... rseq resumed>) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5228] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] <... futex resumed>) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5228] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5229] memfd_create("syzkaller", 0 [pid 5228] <... mprotect resumed>) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5229] <... memfd_create resumed>) = 3 [pid 5228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5229] <... mmap resumed>) = 0x7f6a608fb000 [pid 5228] <... clone3 resumed> => {parent_tid=[5230]}, 88) = 5230 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5230 attached [pid 5230] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5230] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5230] <... open resumed>) = 4 [pid 5230] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5230] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5230] fallocate(-1, 0, 35143, 7 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5230] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5228] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5228] <... futex resumed>) = 0 [pid 5230] <... mount resumed>) = 0 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5228] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... write resumed>) = 262144 [pid 5230] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5228] <... futex resumed>) = 0 [pid 5230] <... open resumed>) = 5 [pid 5229] munmap(0x7f6a608fb000, 262144 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5230] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5230] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5228] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5230] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... munmap resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5230] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5229] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./file1", 0777) = 0 [pid 5229] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file1") = 0 [pid 5229] ioctl(6, LOOP_CLR_FD) = 0 [pid 5229] close(6) = 0 [pid 5229] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] exit_group(0 [pid 5230] <... futex resumed>) = ? [pid 5229] <... futex resumed>) = ? [pid 5228] <... exit_group resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 61.327504][ T5229] loop0: detected capacity change from 0 to 512 [ 61.346100][ T5229] EXT4-fs (loop0): 1 orphan inode deleted [ 61.351897][ T5229] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.364438][ T5229] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/51/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x555556643690) = 5233 [pid 5233] set_robust_list(0x5555566436a0, 24) = 0 [pid 5233] chdir("./52") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5233] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 61.402767][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5233] <... clone3 resumed> => {parent_tid=[5234]}, 88) = 5234 [pid 5234] <... rseq resumed>) = 0 [pid 5234] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5234] memfd_create("syzkaller", 0 [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5234] <... memfd_create resumed>) = 3 [pid 5233] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5233] <... mprotect resumed>) = 0 [pid 5234] <... mmap resumed>) = 0x7f6a608fb000 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5233] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5235 attached => {parent_tid=[5235]}, 88) = 5235 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5235] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5235] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... write resumed>) = 262144 [pid 5235] <... futex resumed>) = 1 [pid 5234] munmap(0x7f6a608fb000, 262144 [pid 5235] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 0 [pid 5234] <... munmap resumed>) = 0 [pid 5235] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5235] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5234] ioctl(5, LOOP_SET_FD, 3 [pid 5235] <... futex resumed>) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5235] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... ioctl resumed>) = 0 [pid 5234] close(3 [pid 5233] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5234] <... close resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] mkdir("./file1", 0777 [pid 5235] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... open resumed>) = 3 [pid 5234] <... mkdir resumed>) = 0 [pid 5235] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5233] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5233] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... write resumed>) = 262144 [pid 5235] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5234] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5234] ioctl(5, LOOP_CLR_FD) = 0 [pid 5234] close(5) = 0 [pid 5234] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] exit_group(0 [pid 5235] <... futex resumed>) = ? [pid 5234] <... futex resumed>) = ? [pid 5233] <... exit_group resumed>) = ? [pid 5235] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x555556643690) = 5236 [pid 5236] set_robust_list(0x5555566436a0, 24) = 0 [pid 5236] chdir("./53") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5236] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5237 attached [pid 5237] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5236] <... clone3 resumed> => {parent_tid=[5237]}, 88) = 5237 [pid 5237] <... rseq resumed>) = 0 [pid 5237] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] <... set_robust_list resumed>) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] <... futex resumed>) = 0 [ 61.477431][ T5234] loop0: detected capacity change from 0 to 512 [ 61.494009][ T5234] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5237] memfd_create("syzkaller", 0 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... memfd_create resumed>) = 3 [pid 5236] <... futex resumed>) = 0 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5237] <... mmap resumed>) = 0x7f6a6091c000 [pid 5236] <... mmap resumed>) = 0x7f6a608fb000 [pid 5236] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053) = 0 [pid 5237] <... write resumed>) = 262144 [pid 5236] <... clone3 resumed> => {parent_tid=[5238]}, 88) = 5238 [pid 5238] set_robust_list(0x7f6a6091b9a0, 24 [pid 5237] munmap(0x7f6a6091c000, 262144 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] <... munmap resumed>) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5236] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5237] <... openat resumed>) = 4 [pid 5236] <... futex resumed>) = 0 [pid 5237] ioctl(4, LOOP_SET_FD, 3 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... open resumed>) = 5 [pid 5238] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... ioctl resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5237] close(3 [pid 5238] fallocate(-1, 0, 35143, 7 [pid 5237] <... close resumed>) = 0 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5237] mkdir("./file1", 0777 [pid 5238] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5237] <... mkdir resumed>) = 0 [pid 5237] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5238] <... mount resumed>) = 0 [pid 5238] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5238] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5238] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... write resumed>) = 262144 [pid 5238] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5238] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x555556643690) = 5239 [pid 5239] set_robust_list(0x5555566436a0, 24) = 0 [pid 5239] chdir("./54") = 0 [ 61.573110][ T5237] loop0: detected capacity change from 0 to 512 [ 61.597378][ T5237] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5239] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5240 attached => {parent_tid=[5240]}, 88) = 5240 [pid 5240] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5239] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... mprotect resumed>) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5240] memfd_create("syzkaller", 0 [pid 5241] <... rseq resumed>) = 0 [pid 5239] <... clone3 resumed> => {parent_tid=[5241]}, 88) = 5241 [pid 5241] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5240] <... memfd_create resumed>) = 3 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] <... set_robust_list resumed>) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... open resumed>) = 4 [pid 5240] <... mmap resumed>) = 0x7f6a608fb000 [pid 5241] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5241] fallocate(-1, 0, 35143, 7 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5239] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] <... futex resumed>) = 0 [pid 5239] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5239] <... futex resumed>) = 0 [pid 5241] <... open resumed>) = 5 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] <... futex resumed>) = 0 [pid 5239] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5239] <... futex resumed>) = 0 [pid 5241] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5241] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... write resumed>) = 262144 [pid 5240] munmap(0x7f6a608fb000, 262144) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5240] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file1", 0777) = 0 [ 61.683763][ T5240] loop0: detected capacity change from 0 to 512 [ 61.706463][ T5240] EXT4-fs (loop0): 1 orphan inode deleted [ 61.712393][ T5240] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5240] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file1") = 0 [pid 5240] ioctl(6, LOOP_CLR_FD) = 0 [pid 5240] close(6) = 0 [pid 5240] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] exit_group(0 [pid 5241] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 61.724963][ T5240] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/54/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.763147][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x5555566436a0, 24) = 0 [pid 5244] chdir("./55") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5244] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5245 attached => {parent_tid=[5245]}, 88) = 5245 [pid 5245] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] <... futex resumed>) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5244 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] memfd_create("syzkaller", 0 [pid 5244] <... futex resumed>) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5245] <... memfd_create resumed>) = 3 [pid 5244] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5244] <... mprotect resumed>) = 0 [pid 5245] <... mmap resumed>) = 0x7f6a608fb000 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5246 attached [pid 5246] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5246] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... clone3 resumed> => {parent_tid=[5246]}, 88) = 5246 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5246] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5245] <... write resumed>) = 262144 [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... open resumed>) = 4 [pid 5246] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5246] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... mount resumed>) = 0 [pid 5245] munmap(0x7f6a608fb000, 262144 [pid 5246] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... munmap resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5244] <... futex resumed>) = 0 [pid 5246] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... openat resumed>) = 6 [pid 5244] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5246] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5245] ioctl(6, LOOP_SET_FD, 3 [pid 5244] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5245] <... ioctl resumed>) = 0 [pid 5246] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file1", 0777) = 0 [ 61.843957][ T5245] loop0: detected capacity change from 0 to 512 [ 61.866327][ T5245] EXT4-fs (loop0): 1 orphan inode deleted [ 61.872315][ T5245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5245] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file1") = 0 [pid 5245] ioctl(6, LOOP_CLR_FD) = 0 [pid 5245] close(6) = 0 [pid 5245] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5244] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 61.884881][ T5245] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/55/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x555556643690) = 5249 [pid 5249] set_robust_list(0x5555566436a0, 24) = 0 [pid 5249] chdir("./56") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5249] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5249] <... clone3 resumed> => {parent_tid=[5250]}, 88) = 5250 [pid 5250] <... rseq resumed>) = 0 [pid 5250] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... set_robust_list resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [ 61.932574][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... futex resumed>) = 0 [pid 5250] memfd_create("syzkaller", 0 [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... memfd_create resumed>) = 3 [pid 5249] <... futex resumed>) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5249] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5250] <... mmap resumed>) = 0x7f6a608fb000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5249] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5251 attached => {parent_tid=[5251]}, 88) = 5251 [pid 5251] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] <... rseq resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5249] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] <... futex resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... open resumed>) = 4 [pid 5250] <... write resumed>) = 262144 [pid 5251] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] munmap(0x7f6a608fb000, 262144 [pid 5251] <... futex resumed>) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5251] fallocate(-1, 0, 35143, 7 [pid 5249] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5249] <... futex resumed>) = 0 [pid 5251] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... munmap resumed>) = 0 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5249] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... openat resumed>) = 5 [pid 5251] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5251] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5250] ioctl(5, LOOP_SET_FD, 3 [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5251] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... open resumed>) = 6 [pid 5251] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5251] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5249] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... ioctl resumed>) = 0 [pid 5250] close(3) = 0 [pid 5251] <... write resumed>) = 262144 [pid 5250] mkdir("./file1", 0777 [pid 5251] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... mkdir resumed>) = 0 [pid 5250] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 5250] ioctl(5, LOOP_CLR_FD) = 0 [pid 5250] close(5) = 0 [pid 5250] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... futex resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5249] <... exit_group resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 62.009014][ T5250] loop0: detected capacity change from 0 to 512 [ 62.027124][ T5250] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x555556643690) = 5252 [pid 5252] set_robust_list(0x5555566436a0, 24) = 0 [pid 5252] chdir("./57") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5252] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5253 attached => {parent_tid=[5253]}, 88) = 5253 [pid 5253] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] <... rseq resumed>) = 0 [pid 5253] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5252] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... set_robust_list resumed>) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5252] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5252] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5252] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] <... rseq resumed>) = 0 [pid 5254] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5252] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... futex resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5253] <... write resumed>) = 262144 [pid 5253] munmap(0x7f6a608fb000, 262144) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5253] ioctl(5, LOOP_SET_FD, 3 [pid 5254] <... open resumed>) = 4 [pid 5254] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5254] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5254] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5253] <... ioctl resumed>) = 0 [pid 5254] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5254] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 1 [pid 5254] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5252] <... futex resumed>) = 0 [pid 5253] close(3) = 0 [pid 5253] mkdir("./file1", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5252] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... write resumed>) = 262144 [pid 5254] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5254] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5253] ioctl(5, LOOP_CLR_FD) = 0 [pid 5253] close(5) = 0 [pid 5253] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] exit_group(0 [pid 5253] <... futex resumed>) = ? [pid 5252] <... exit_group resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5254] <... futex resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x5555566436a0, 24 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5255 [pid 5255] <... set_robust_list resumed>) = 0 [pid 5255] chdir("./58") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.128698][ T5253] loop0: detected capacity change from 0 to 512 [ 62.148657][ T5253] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5255] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5255] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5256] <... rseq resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5255] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] <... futex resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] memfd_create("syzkaller", 0 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... memfd_create resumed>) = 3 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5255] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5256] <... mmap resumed>) = 0x7f6a608fb000 [pid 5255] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5255] <... mprotect resumed>) = 0 [pid 5256] <... write resumed>) = 262144 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] munmap(0x7f6a608fb000, 262144 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5255] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5256] <... munmap resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5257] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... openat resumed>) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3 [pid 5255] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... ioctl resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5256] close(3 [pid 5257] <... open resumed>) = 5 [pid 5256] <... close resumed>) = 0 [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] mkdir("./file1", 0777 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5256] <... mkdir resumed>) = 0 [pid 5255] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] fallocate(-1, 0, 35143, 7 [pid 5256] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5255] <... futex resumed>) = 0 [pid 5257] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5257] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5255] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... mount resumed>) = 0 [pid 5257] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5257] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... open resumed>) = 3 [pid 5257] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... write resumed>) = 262144 [pid 5257] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5257] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] exit_group(0 [pid 5256] <... futex resumed>) = ? [pid 5255] <... exit_group resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5257] <... futex resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 [ 62.243263][ T5256] loop0: detected capacity change from 0 to 512 [ 62.271968][ T5256] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached , child_tidptr=0x555556643690) = 5258 [pid 5258] set_robust_list(0x5555566436a0, 24) = 0 [pid 5258] chdir("./59") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5258] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5258] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] <... rseq resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] <... futex resumed>) = 0 [pid 5259] memfd_create("syzkaller", 0 [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] <... memfd_create resumed>) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a608fb000 [pid 5258] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5260 attached [pid 5260] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5259] <... write resumed>) = 262144 [pid 5258] <... clone3 resumed> => {parent_tid=[5260]}, 88) = 5260 [pid 5260] <... rseq resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] set_robust_list(0x7f6a6091b9a0, 24 [pid 5259] munmap(0x7f6a6091c000, 262144 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5259] <... munmap resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] <... futex resumed>) = 0 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... open resumed>) = 4 [pid 5259] <... openat resumed>) = 5 [pid 5260] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] ioctl(5, LOOP_SET_FD, 3 [pid 5260] <... futex resumed>) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... ioctl resumed>) = 0 [pid 5258] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] close(3 [pid 5258] <... futex resumed>) = 0 [pid 5260] fallocate(-1, 0, 35143, 7 [pid 5259] <... close resumed>) = 0 [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5259] mkdir("./file1", 0777 [pid 5260] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... mkdir resumed>) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5260] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... mount resumed>) = 0 [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5260] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5260] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... open resumed>) = 3 [pid 5260] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5260] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5258] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... write resumed>) = 262144 [pid 5260] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5259] ioctl(5, LOOP_CLR_FD) = 0 [pid 5259] close(5) = 0 [pid 5259] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] exit_group(0 [pid 5260] <... futex resumed>) = ? [pid 5258] <... exit_group resumed>) = ? [pid 5259] <... futex resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 [ 62.349398][ T5259] loop0: detected capacity change from 0 to 512 [ 62.371254][ T5259] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5261 ./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x5555566436a0, 24) = 0 [pid 5261] chdir("./60") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5261] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5261] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] <... set_robust_list resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5262] memfd_create("syzkaller", 0 [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... memfd_create resumed>) = 3 [pid 5261] <... futex resumed>) = 0 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5262] <... mmap resumed>) = 0x7f6a6091c000 [pid 5261] <... mmap resumed>) = 0x7f6a608fb000 [pid 5261] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} => {parent_tid=[5263]}, 88) = 5263 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5263 attached [pid 5261] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5263] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5262] <... write resumed>) = 262144 [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] munmap(0x7f6a6091c000, 262144 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5262] <... munmap resumed>) = 0 [pid 5263] <... open resumed>) = 4 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5262] ioctl(5, LOOP_SET_FD, 3 [pid 5263] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5262] <... ioctl resumed>) = 0 [pid 5261] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] close(3 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... close resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [pid 5263] fallocate(-1, 0, 35143, 7 [pid 5262] mkdir("./file1", 0777 [pid 5263] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... mkdir resumed>) = 0 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5262] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5263] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5261] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] <... mount resumed>) = 0 [pid 5263] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5263] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5263] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5263] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5261] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... write resumed>) = 262144 [pid 5263] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5263] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5262] ioctl(5, LOOP_CLR_FD) = 0 [pid 5262] close(5) = 0 [pid 5262] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0 [pid 5263] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 62.466465][ T5262] loop0: detected capacity change from 0 to 512 [ 62.493113][ T5262] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x555556643690) = 5264 [pid 5264] set_robust_list(0x5555566436a0, 24) = 0 [pid 5264] chdir("./61") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5264] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5265 attached => {parent_tid=[5265]}, 88) = 5265 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5264] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5265] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5264] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5265] <... rseq resumed>) = 0 [pid 5265] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5266 attached [pid 5266] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5266] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5265] memfd_create("syzkaller", 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5266] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... clone3 resumed> => {parent_tid=[5266]}, 88) = 5266 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] <... memfd_create resumed>) = 3 [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5266] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5265] <... mmap resumed>) = 0x7f6a608fb000 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... open resumed>) = 4 [pid 5266] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5266] fallocate(-1, 0, 35143, 7 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5266] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... write resumed>) = 262144 [pid 5264] <... futex resumed>) = 0 [pid 5266] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] munmap(0x7f6a608fb000, 262144 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5265] <... munmap resumed>) = 0 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... mount resumed>) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5266] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] <... openat resumed>) = 5 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] ioctl(5, LOOP_SET_FD, 3 [pid 5264] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5266] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5265] <... ioctl resumed>) = 0 [pid 5265] close(3) = 0 [pid 5265] mkdir("./file1", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5266] <... write resumed>) = 262144 [pid 5266] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5266] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5265] ioctl(5, LOOP_CLR_FD) = 0 [pid 5265] close(5) = 0 [pid 5265] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] exit_group(0) = ? [pid 5266] <... futex resumed>) = ? [pid 5265] <... futex resumed>) = ? [pid 5266] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 [ 62.587613][ T5265] loop0: detected capacity change from 0 to 512 [ 62.604464][ T5265] EXT4-fs (loop0): VFS: Can't find ext4 filesystem mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x555556643690) = 5267 [pid 5267] set_robust_list(0x5555566436a0, 24) = 0 [pid 5267] chdir("./62") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5267] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5267] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5268] <... rseq resumed>) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5267] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] <... futex resumed>) = 0 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5268] memfd_create("syzkaller", 0 [pid 5267] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5267] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5268] <... memfd_create resumed>) = 3 [pid 5267] <... mprotect resumed>) = 0 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5268] <... mmap resumed>) = 0x7f6a608fb000 [pid 5267] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5268] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5269] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... clone3 resumed> => {parent_tid=[5269]}, 88) = 5269 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] munmap(0x7f6a608fb000, 262144) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5267] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... openat resumed>) = 4 [pid 5269] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5268] ioctl(4, LOOP_SET_FD, 3 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5269] fallocate(-1, 0, 35143, 7 [pid 5267] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5267] <... futex resumed>) = 0 [pid 5269] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5269] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... ioctl resumed>) = 0 [pid 5267] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] close(3 [pid 5269] <... futex resumed>) = 0 [pid 5268] <... close resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5269] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5268] mkdir("./file1", 0777 [pid 5269] <... open resumed>) = 3 [pid 5268] <... mkdir resumed>) = 0 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5267] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5269] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5267] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... write resumed>) = 262144 [pid 5269] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5268] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5268] ioctl(4, LOOP_CLR_FD) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] exit_group(0 [pid 5269] <... futex resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5268] <... futex resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5267] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5270 ./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x5555566436a0, 24) = 0 [pid 5270] chdir("./63") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [ 62.679768][ T5268] loop0: detected capacity change from 0 to 512 [ 62.700927][ T5268] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5270] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5271 attached => {parent_tid=[5271]}, 88) = 5271 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5270] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5271] <... rseq resumed>) = 0 [pid 5270] <... mprotect resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5272 attached [pid 5271] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5270] <... clone3 resumed> => {parent_tid=[5272]}, 88) = 5272 [pid 5272] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] <... set_robust_list resumed>) = 0 [pid 5270] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] <... futex resumed>) = 0 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5272] <... open resumed>) = 3 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5272] fallocate(-1, 0, 35143, 7 [pid 5271] memfd_create("syzkaller", 0 [pid 5272] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5270] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5270] <... futex resumed>) = 0 [pid 5271] <... memfd_create resumed>) = 4 [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... mount resumed>) = 0 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5272] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5272] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5272] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5271] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... open resumed>) = 5 [pid 5272] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5270] <... futex resumed>) = 0 [pid 5272] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... write resumed>) = 262144 [pid 5270] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] munmap(0x7f6a608fb000, 262144) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5271] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5271] close(4) = 0 [pid 5271] mkdir("./file1", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5271] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5271] chdir("./file1") = 0 [pid 5271] ioctl(6, LOOP_CLR_FD) = 0 [ 62.792080][ T5271] loop0: detected capacity change from 0 to 512 [ 62.817003][ T5271] EXT4-fs (loop0): 1 orphan inode deleted [ 62.822880][ T5271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5271] close(6) = 0 [pid 5271] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5270] <... exit_group resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 62.835513][ T5271] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/63/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x555556643690) = 5275 [pid 5275] set_robust_list(0x5555566436a0, 24) = 0 [pid 5275] chdir("./64") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5275] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5276] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5275] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5276] memfd_create("syzkaller", 0 [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] <... memfd_create resumed>) = 3 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5275] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5276] <... mmap resumed>) = 0x7f6a608fb000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5275] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5276] <... write resumed>) = 262144 [pid 5276] munmap(0x7f6a608fb000, 262144./strace-static-x86_64: Process 5277 attached [pid 5277] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5276] <... munmap resumed>) = 0 [pid 5275] <... clone3 resumed> => {parent_tid=[5277]}, 88) = 5277 [pid 5277] <... rseq resumed>) = 0 [ 62.885691][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5277] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... set_robust_list resumed>) = 0 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5275] <... futex resumed>) = 0 [pid 5276] <... openat resumed>) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3 [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... open resumed>) = 5 [pid 5276] <... ioctl resumed>) = 0 [pid 5277] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] close(3 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... close resumed>) = 0 [pid 5275] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5277] fallocate(-1, 0, 35143, 7 [pid 5276] mkdir("./file1", 0777 [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5276] <... mkdir resumed>) = 0 [pid 5277] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5276] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5277] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... open resumed>) = 3 [pid 5277] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... write resumed>) = 262144 [pid 5277] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] exit_group(0 [pid 5277] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.947949][ T5276] loop0: detected capacity change from 0 to 512 [ 62.973791][ T5276] EXT4-fs (loop0): Magic mismatch, very weird! ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555556643690) = 5278 [pid 5278] set_robust_list(0x5555566436a0, 24) = 0 [pid 5278] chdir("./65") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5278] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5279 attached => {parent_tid=[5279]}, 88) = 5279 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5279] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5278] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... rseq resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5279] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5278] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5279] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] <... mprotect resumed>) = 0 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5279] memfd_create("syzkaller", 0 [pid 5278] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5279] <... memfd_create resumed>) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5278] <... clone3 resumed> => {parent_tid=[5280]}, 88) = 5280 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5280 attached [pid 5279] <... mmap resumed>) = 0x7f6a608fb000 [pid 5278] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5280] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5280] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5280] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5280] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5278] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5278] <... futex resumed>) = 0 [pid 5280] <... mount resumed>) = 0 [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5280] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... open resumed>) = 5 [pid 5280] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5279] <... write resumed>) = 262144 [pid 5278] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5280] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5279] munmap(0x7f6a608fb000, 262144 [pid 5278] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5280] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5280] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... munmap resumed>) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5279] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file1", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5279] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file1") = 0 [pid 5279] ioctl(6, LOOP_CLR_FD) = 0 [pid 5279] close(6) = 0 [pid 5279] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0 [pid 5279] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5280] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 63.070063][ T5279] loop0: detected capacity change from 0 to 512 [ 63.086109][ T5279] EXT4-fs (loop0): 1 orphan inode deleted [ 63.091937][ T5279] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.104515][ T5279] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/65/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x555556643690) = 5283 [pid 5283] set_robust_list(0x5555566436a0, 24) = 0 [pid 5283] chdir("./66") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [ 63.145424][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5283] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5284 attached [pid 5284] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5283] <... clone3 resumed> => {parent_tid=[5284]}, 88) = 5284 [pid 5284] <... rseq resumed>) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] <... set_robust_list resumed>) = 0 [pid 5283] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... futex resumed>) = 0 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5283] <... futex resumed>) = 0 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5284] <... mmap resumed>) = 0x7f6a608fb000 [pid 5283] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5283] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5285 attached [pid 5285] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5283] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5285] <... rseq resumed>) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5284] <... write resumed>) = 262144 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] munmap(0x7f6a608fb000, 262144 [pid 5285] <... open resumed>) = 4 [pid 5284] <... munmap resumed>) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5284] ioctl(5, LOOP_SET_FD, 3 [pid 5285] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5285] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... ioctl resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5284] close(3 [pid 5283] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... close resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5284] mkdir("./file1", 0777 [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5285] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... mkdir resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5285] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5283] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5285] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... open resumed>) = 3 [pid 5285] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5285] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5283] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... write resumed>) = 262144 [pid 5285] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5284] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5284] ioctl(5, LOOP_CLR_FD) = 0 [pid 5284] close(5) = 0 [pid 5284] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] exit_group(0 [pid 5284] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5284] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached , child_tidptr=0x555556643690) = 5286 [pid 5286] set_robust_list(0x5555566436a0, 24) = 0 [pid 5286] chdir("./67") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5286] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5287 attached => {parent_tid=[5287]}, 88) = 5287 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5286] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5286] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 63.230098][ T5284] loop0: detected capacity change from 0 to 512 [ 63.257714][ T5284] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 63.268645][ T5284] EXT4-fs (loop0): group descriptors corrupted! [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5288 attached => {parent_tid=[5288]}, 88) = 5288 [pid 5288] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... set_robust_list resumed>) = 0 [pid 5286] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] <... futex resumed>) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5287] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5288] <... open resumed>) = 3 [pid 5288] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] <... futex resumed>) = 0 [pid 5288] fallocate(-1, 0, 35143, 7 [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5288] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5286] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... mount resumed>) = 0 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... open resumed>) = 4 [pid 5288] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 22455190 [pid 5286] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5288] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... futex resumed>) = 0 [pid 5287] <... rseq resumed>) = 0 [pid 5287] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] memfd_create("syzkaller", 0) = 5 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5287] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5287] munmap(0x7f6a608fb000, 262144) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5287] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5287] close(5) = 0 [pid 5287] mkdir("./file1", 0777) = 0 [ 63.326771][ T5287] loop0: detected capacity change from 0 to 512 [ 63.356883][ T5287] EXT4-fs (loop0): 1 orphan inode deleted [ 63.362738][ T5287] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5287] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5287] chdir("./file1") = 0 [pid 5287] ioctl(6, LOOP_CLR_FD) = 0 [pid 5287] close(6) = 0 [pid 5287] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5286] <... exit_group resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 63.375341][ T5287] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/67/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x5555566436a0, 24) = 0 [pid 5292] chdir("./68") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5292] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5293 attached [pid 5293] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5292] <... clone3 resumed> => {parent_tid=[5293]}, 88) = 5293 [pid 5293] <... rseq resumed>) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] <... set_robust_list resumed>) = 0 [pid 5292] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] <... futex resumed>) = 0 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] memfd_create("syzkaller", 0 [pid 5292] <... futex resumed>) = 0 [pid 5293] <... memfd_create resumed>) = 3 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5292] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5293] <... mmap resumed>) = 0x7f6a608fb000 [pid 5292] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] <... write resumed>) = 262144 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5293] munmap(0x7f6a608fb000, 262144./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5293] <... munmap resumed>) = 0 [pid 5292] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5293] <... openat resumed>) = 4 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] ioctl(4, LOOP_SET_FD, 3 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [ 63.417372][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5292] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5294] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 0 [pid 5294] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5294] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... ioctl resumed>) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./file1", 0777 [pid 5294] <... futex resumed>) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5292] <... futex resumed>) = 0 [pid 5293] <... mkdir resumed>) = 0 [pid 5294] <... mount resumed>) = 0 [pid 5293] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5292] <... futex resumed>) = 0 [pid 5294] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5292] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5294] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 0 [ 63.477882][ T5293] loop0: detected capacity change from 0 to 512 [ 63.493062][ T5295] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 63.503711][ T5293] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 63.518469][ T5293] EXT4-fs (loop0): get root inode failed [pid 5293] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] exit_group(0 [pid 5294] <... futex resumed>) = ? [pid 5292] <... exit_group resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 [ 63.524220][ T5293] EXT4-fs (loop0): mount failed mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x555556643690) = 5297 [pid 5297] set_robust_list(0x5555566436a0, 24) = 0 [pid 5297] chdir("./69") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5297] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5298 attached [pid 5298] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5298] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] <... clone3 resumed> => {parent_tid=[5298]}, 88) = 5298 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] memfd_create("syzkaller", 0 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] <... memfd_create resumed>) = 3 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5297] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5298] <... mmap resumed>) = 0x7f6a608fb000 [pid 5297] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5299 attached [pid 5299] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5299] <... rseq resumed>) = 0 [pid 5297] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... set_robust_list resumed>) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5297] <... futex resumed>) = 0 [pid 5298] <... write resumed>) = 262144 [pid 5299] <... open resumed>) = 4 [pid 5298] munmap(0x7f6a608fb000, 262144) = 0 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5299] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... openat resumed>) = 5 [pid 5299] <... futex resumed>) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] ioctl(5, LOOP_SET_FD, 3 [pid 5297] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5299] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5299] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... futex resumed>) = 1 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5299] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... ioctl resumed>) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file1", 0777 [pid 5299] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5299] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... mkdir resumed>) = 0 [pid 5297] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5299] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5297] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5299] <... write resumed>) = 262144 [pid 5298] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5299] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] ioctl(5, LOOP_CLR_FD [pid 5297] <... futex resumed>) = 0 [pid 5299] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... ioctl resumed>) = 0 [pid 5298] close(5) = 0 [pid 5298] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] exit_group(0 [pid 5299] <... futex resumed>) = ? [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] <... exit_group resumed>) = ? [pid 5299] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 63.611193][ T5298] loop0: detected capacity change from 0 to 512 [ 63.628765][ T5298] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5300 ./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x5555566436a0, 24) = 0 [pid 5300] chdir("./70") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5300] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5300] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5301 attached => {parent_tid=[5301]}, 88) = 5301 [pid 5301] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] <... rseq resumed>) = 0 [pid 5301] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5301] memfd_create("syzkaller", 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5301] <... memfd_create resumed>) = 3 [pid 5300] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5300] <... mprotect resumed>) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5302]}, 88) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5301] <... write resumed>) = 262144 [pid 5302] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] munmap(0x7f6a608fb000, 262144 [pid 5302] <... futex resumed>) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... munmap resumed>) = 0 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5302] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5300] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... openat resumed>) = 5 [pid 5302] <... futex resumed>) = 0 [pid 5301] ioctl(5, LOOP_SET_FD, 3 [pid 5302] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5301] <... ioctl resumed>) = 0 [pid 5301] close(3) = 0 [pid 5301] mkdir("./file1", 0777 [pid 5302] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... mkdir resumed>) = 0 [pid 5300] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5302] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5300] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5300] <... futex resumed>) = 0 [pid 5300] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... write resumed>) = 262144 [pid 5302] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... futex resumed>) = 0 [pid 5301] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5301] ioctl(5, LOOP_CLR_FD) = 0 [pid 5301] close(5) = 0 [pid 5301] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5301] <... futex resumed>) = ? [pid 5300] <... exit_group resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 63.733192][ T5301] loop0: detected capacity change from 0 to 512 [ 63.752285][ T5301] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x555556643690) = 5303 [pid 5303] set_robust_list(0x5555566436a0, 24) = 0 [pid 5303] chdir("./71") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5303] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5304 attached [pid 5304] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5303] <... clone3 resumed> => {parent_tid=[5304]}, 88) = 5304 [pid 5304] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] memfd_create("syzkaller", 0 [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... memfd_create resumed>) = 3 [pid 5303] <... futex resumed>) = 0 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a608fb000 [pid 5303] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5305 attached [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5305] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5303] <... clone3 resumed> => {parent_tid=[5305]}, 88) = 5305 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5303] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... rseq resumed>) = 0 [pid 5304] <... write resumed>) = 262144 [pid 5305] set_robust_list(0x7f6a6091b9a0, 24 [pid 5304] munmap(0x7f6a6091c000, 262144 [pid 5305] <... set_robust_list resumed>) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... munmap resumed>) = 0 [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5305] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5304] <... openat resumed>) = 4 [pid 5305] <... open resumed>) = 5 [pid 5304] ioctl(4, LOOP_SET_FD, 3 [pid 5305] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5305] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5305] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5305] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... mount resumed>) = 0 [pid 5305] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5305] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... open resumed>) = 6 [pid 5305] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5305] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5303] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... ioctl resumed>) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] close(3) = 0 [pid 5304] mkdir("./file1", 0777) = 0 [pid 5304] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5305] <... write resumed>) = -1 EIO (Input/output error) [pid 5305] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5305] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5304] ioctl(4, LOOP_CLR_FD) = 0 [pid 5304] close(4) = 0 [pid 5304] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] exit_group(0 [pid 5305] <... futex resumed>) = ? [pid 5305] +++ exited with 0 +++ [pid 5304] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 [ 63.848238][ T5304] loop0: detected capacity change from 0 to 512 [ 63.858793][ T5305] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 63.868915][ T5305] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 63.885968][ T5304] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5306 ./strace-static-x86_64: Process 5306 attached [pid 5306] set_robust_list(0x5555566436a0, 24) = 0 [pid 5306] chdir("./72") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5306] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5307 attached [pid 5307] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5306] <... clone3 resumed> => {parent_tid=[5307]}, 88) = 5307 [pid 5307] <... rseq resumed>) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5307] memfd_create("syzkaller", 0 [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5307] <... memfd_create resumed>) = 3 [pid 5306] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5306] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5307] <... mmap resumed>) = 0x7f6a608fb000 [pid 5306] <... mprotect resumed>) = 0 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5308 attached [pid 5308] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5308] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5306] <... clone3 resumed> => {parent_tid=[5308]}, 88) = 5308 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... open resumed>) = 4 [pid 5308] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] fallocate(-1, 0, 35143, 7 [pid 5306] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5308] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... write resumed>) = 262144 [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] munmap(0x7f6a608fb000, 262144 [pid 5306] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5308] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... mount resumed>) = 0 [pid 5308] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5306] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... open resumed>) = 5 [pid 5308] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... munmap resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5307] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5306] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5308] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5308] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... openat resumed>) = 6 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5307] close(3) = 0 [pid 5307] mkdir("./file1", 0777) = 0 [ 63.991881][ T5307] loop0: detected capacity change from 0 to 512 [ 64.026293][ T5307] EXT4-fs (loop0): 1 orphan inode deleted [pid 5307] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5307] chdir("./file1") = 0 [pid 5307] ioctl(6, LOOP_CLR_FD) = 0 [pid 5307] close(6) = 0 [pid 5307] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] exit_group(0 [pid 5307] <... futex resumed>) = ? [pid 5306] <... exit_group resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5308] <... futex resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 64.032188][ T5307] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.045152][ T5307] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/72/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x5555566436a0, 24) = 0 [pid 5311] chdir("./73") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5311] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5312 attached => {parent_tid=[5312]}, 88) = 5312 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5311] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... rseq resumed>) = 0 [pid 5312] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5312] memfd_create("syzkaller", 0 [pid 5311] <... futex resumed>) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5312] <... memfd_create resumed>) = 3 [pid 5311] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5311] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5312] <... mmap resumed>) = 0x7f6a608fb000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5311] <... mprotect resumed>) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5313 attached [pid 5313] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5312] <... write resumed>) = 262144 [pid 5313] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5312] munmap(0x7f6a608fb000, 262144 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5311] <... clone3 resumed> => {parent_tid=[5313]}, 88) = 5313 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] <... munmap resumed>) = 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5313] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... openat resumed>) = 4 [ 64.085522][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] ioctl(4, LOOP_SET_FD, 3 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 0 [pid 5313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5313] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5313] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5313] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... ioctl resumed>) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5312] close(3 [pid 5311] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5312] <... close resumed>) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... mount resumed>) = 0 [pid 5312] mkdir("./file1", 0777 [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] <... mkdir resumed>) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5312] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5313] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5313] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5311] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... write resumed>) = 262144 [pid 5313] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [ 64.146491][ T5312] loop0: detected capacity change from 0 to 512 [ 64.162764][ T5314] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 64.172445][ T5312] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [ 64.187837][ T5312] EXT4-fs (loop0): get root inode failed [pid 5313] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] exit_group(0 [pid 5313] <... futex resumed>) = ? [pid 5311] <... exit_group resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 [ 64.196276][ T5312] EXT4-fs (loop0): mount failed mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5316 ./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x5555566436a0, 24) = 0 [pid 5316] chdir("./74") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5316] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5317 attached => {parent_tid=[5317]}, 88) = 5317 [pid 5317] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5317] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] memfd_create("syzkaller", 0 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] <... memfd_create resumed>) = 3 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5317] <... mmap resumed>) = 0x7f6a6091c000 [pid 5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5316] <... mmap resumed>) = 0x7f6a608fb000 [pid 5316] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5318 attached [pid 5318] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5317] <... write resumed>) = 262144 [pid 5316] <... clone3 resumed> => {parent_tid=[5318]}, 88) = 5318 [pid 5317] munmap(0x7f6a6091c000, 262144 [pid 5318] <... rseq resumed>) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] <... futex resumed>) = 0 [pid 5318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... munmap resumed>) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5317] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5317] close(3) = 0 [pid 5317] mkdir("./file1", 0777) = 0 [pid 5317] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5318] <... open resumed>) = 4 [pid 5318] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 0 [pid 5318] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5318] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5318] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5318] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5318] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5318] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5317] ioctl(5, LOOP_CLR_FD) = 0 [pid 5317] close(5) = 0 [pid 5317] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] exit_group(0) = ? [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x555556643690) = 5319 [pid 5319] set_robust_list(0x5555566436a0, 24) = 0 [pid 5319] chdir("./75") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [ 64.304538][ T5317] loop0: detected capacity change from 0 to 512 [ 64.305360][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 64.305371][ T28] audit: type=1800 audit(1694896898.215:76): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.342880][ T5317] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5319] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5320]}, 88) = 5320 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5319] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5321 attached ./strace-static-x86_64: Process 5320 attached [pid 5321] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5320] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5321] <... rseq resumed>) = 0 [pid 5320] <... rseq resumed>) = 0 [pid 5321] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5320] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5319] <... clone3 resumed> => {parent_tid=[5321]}, 88) = 5321 [pid 5321] <... set_robust_list resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5321] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... set_robust_list resumed>) = 0 [pid 5319] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... futex resumed>) = 0 [pid 5321] <... open resumed>) = 3 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] memfd_create("syzkaller", 0 [pid 5321] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... memfd_create resumed>) = 4 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5320] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5321] fallocate(-1, 0, 35143, 7 [pid 5319] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5321] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... mount resumed>) = 0 [pid 5320] <... write resumed>) = 262144 [pid 5321] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] munmap(0x7f6a608fb000, 262144) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5320] ioctl(5, LOOP_SET_FD, 4 [pid 5321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5321] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5321] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5319] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... ioctl resumed>) = 0 [pid 5320] close(4) = 0 [pid 5320] mkdir("./file1", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5321] <... write resumed>) = 262144 [ 64.394743][ T28] audit: type=1800 audit(1694896898.305:77): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.426632][ T5320] loop0: detected capacity change from 0 to 512 [pid 5321] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5320] ioctl(5, LOOP_CLR_FD) = 0 [pid 5320] close(5) = 0 [pid 5320] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] exit_group(0 [pid 5320] <... futex resumed>) = ? [pid 5319] <... exit_group resumed>) = ? [pid 5321] <... futex resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 64.446978][ T5320] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5322 attached , child_tidptr=0x555556643690) = 5322 [pid 5322] set_robust_list(0x5555566436a0, 24) = 0 [pid 5322] chdir("./76") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5322] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5322] <... clone3 resumed> => {parent_tid=[5323]}, 88) = 5323 [pid 5323] <... rseq resumed>) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] <... set_robust_list resumed>) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5323] memfd_create("syzkaller", 0) = 3 [pid 5322] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5322] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5322] <... mprotect resumed>) = 0 [pid 5323] <... mmap resumed>) = 0x7f6a608fb000 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5324 attached [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5324] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5324] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5322] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] <... set_robust_list resumed>) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... write resumed>) = 262144 [pid 5323] munmap(0x7f6a608fb000, 262144 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] <... munmap resumed>) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3 [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 0 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5324] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5324] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5324] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5324] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5322] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... ioctl resumed>) = 0 [pid 5323] close(3) = 0 [pid 5323] mkdir("./file1", 0777) = 0 [pid 5323] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5324] <... write resumed>) = -1 EIO (Input/output error) [pid 5324] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [ 64.542999][ T5323] loop0: detected capacity change from 0 to 512 [ 64.549318][ T28] audit: type=1800 audit(1694896898.455:78): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.563441][ T5324] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 64.580038][ T5324] Buffer I/O error on dev loop0, logical block 31, lost async page write [pid 5324] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [pid 5323] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5322] <... exit_group resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached , child_tidptr=0x555556643690) = 5325 [pid 5325] set_robust_list(0x5555566436a0, 24) = 0 [pid 5325] chdir("./77") = 0 [ 64.593563][ T5323] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5325] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5326]}, 88) = 5326 ./strace-static-x86_64: Process 5326 attached [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5326] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] memfd_create("syzkaller", 0 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5326] <... memfd_create resumed>) = 3 [pid 5325] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5325] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5326] <... mmap resumed>) = 0x7f6a608fb000 [pid 5325] <... mprotect resumed>) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5327 attached => {parent_tid=[5327]}, 88) = 5327 [pid 5327] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] <... rseq resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5325] <... futex resumed>) = 0 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5326] munmap(0x7f6a608fb000, 262144) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5326] ioctl(5, LOOP_SET_FD, 3 [pid 5327] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... ioctl resumed>) = 0 [pid 5326] close(3) = 0 [pid 5325] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] fallocate(-1, 0, 35143, 7 [pid 5326] mkdir("./file1", 0777 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5327] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5327] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5327] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5325] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... mkdir resumed>) = 0 [pid 5326] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5327] <... write resumed>) = 262144 [pid 5327] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5326] ioctl(5, LOOP_CLR_FD) = 0 [pid 5326] close(5) = 0 [pid 5326] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] exit_group(0) = ? [pid 5327] <... futex resumed>) = ? [pid 5327] +++ exited with 0 +++ [pid 5326] <... futex resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 [ 64.689012][ T28] audit: type=1800 audit(1694896898.595:79): pid=5327 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.694368][ T5326] loop0: detected capacity change from 0 to 512 [ 64.729835][ T5326] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5328 attached , child_tidptr=0x555556643690) = 5328 [pid 5328] set_robust_list(0x5555566436a0, 24) = 0 [pid 5328] chdir("./78") = 0 [pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5328] setpgid(0, 0) = 0 [pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5328] write(3, "1000", 4) = 4 [pid 5328] close(3) = 0 [pid 5328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5328] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5328] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5329 attached [pid 5329] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5329] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5328] <... clone3 resumed> => {parent_tid=[5329]}, 88) = 5329 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] memfd_create("syzkaller", 0 [pid 5328] <... futex resumed>) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5329] <... memfd_create resumed>) = 3 [pid 5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5328] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5329] <... mmap resumed>) = 0x7f6a608fb000 [pid 5328] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5330]}, 88) = 5330 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5328] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5330] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5330] <... set_robust_list resumed>) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] <... write resumed>) = 262144 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5329] munmap(0x7f6a608fb000, 262144 [pid 5330] <... open resumed>) = 4 [pid 5329] <... munmap resumed>) = 0 [pid 5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5329] ioctl(5, LOOP_SET_FD, 3 [pid 5330] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5330] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5330] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5328] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5328] <... futex resumed>) = 1 [pid 5330] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... mount resumed>) = 0 [pid 5330] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... ioctl resumed>) = 0 [pid 5329] close(3) = 0 [pid 5329] mkdir("./file1", 0777 [pid 5330] <... futex resumed>) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5330] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5330] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5329] <... mkdir resumed>) = 0 [ 64.820782][ T28] audit: type=1800 audit(1694896898.725:80): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.826330][ T5329] loop0: detected capacity change from 0 to 512 [ 64.864675][ T5329] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5329] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5330] <... write resumed>) = 262144 [pid 5330] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5330] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5329] ioctl(5, LOOP_CLR_FD) = 0 [pid 5329] close(5) = 0 [pid 5329] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] exit_group(0 [pid 5330] <... futex resumed>) = ? [pid 5328] <... exit_group resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] <... futex resumed>) = ? [pid 5329] +++ exited with 0 +++ [pid 5328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5328, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5331 attached , child_tidptr=0x555556643690) = 5331 [pid 5331] set_robust_list(0x5555566436a0, 24) = 0 [pid 5331] chdir("./79") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5331] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5332 attached => {parent_tid=[5332]}, 88) = 5332 [pid 5332] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5332] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5332] memfd_create("syzkaller", 0 [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5332] <... memfd_create resumed>) = 3 [pid 5331] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5331] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5333 attached [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5333] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5331] <... clone3 resumed> => {parent_tid=[5333]}, 88) = 5333 [pid 5333] <... rseq resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5331] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] <... write resumed>) = 262144 [pid 5331] <... futex resumed>) = 0 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] munmap(0x7f6a608fb000, 262144) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5333] <... open resumed>) = 4 [pid 5332] <... openat resumed>) = 5 [pid 5332] ioctl(5, LOOP_SET_FD, 3 [pid 5333] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5333] fallocate(-1, 0, 35143, 7 [pid 5332] <... ioctl resumed>) = 0 [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5332] close(3 [pid 5333] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... close resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5332] mkdir("./file1", 0777 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] <... mkdir resumed>) = 0 [pid 5331] <... futex resumed>) = 0 [pid 5333] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... mount resumed>) = 0 [pid 5332] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5333] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... open resumed>) = 3 [pid 5333] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5333] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 64.938736][ T28] audit: type=1800 audit(1694896898.845:81): pid=5333 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.939304][ T5332] loop0: detected capacity change from 0 to 512 [pid 5331] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... write resumed>) = 262144 [pid 5333] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5332] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5332] ioctl(5, LOOP_CLR_FD) = 0 [pid 5332] close(5) = 0 [pid 5332] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] exit_group(0 [pid 5333] <... futex resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5332] <... futex resumed>) = ? [pid 5331] <... exit_group resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5334 attached , child_tidptr=0x555556643690) = 5334 [pid 5334] set_robust_list(0x5555566436a0, 24) = 0 [pid 5334] chdir("./80") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5334] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5335 attached => {parent_tid=[5335]}, 88) = 5335 [pid 5335] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5335] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] <... set_robust_list resumed>) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5335] memfd_create("syzkaller", 0 [pid 5334] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] <... memfd_create resumed>) = 3 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5335] <... mmap resumed>) = 0x7f6a608fb000 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5336]}, 88) = 5336 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5334] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5336 attached ) = 0 [pid 5336] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5336] <... rseq resumed>) = 0 [pid 5336] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5335] <... write resumed>) = 262144 [pid 5335] munmap(0x7f6a608fb000, 262144) = 0 [ 64.992070][ T5332] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5336] <... open resumed>) = 4 [pid 5335] <... openat resumed>) = 5 [pid 5335] ioctl(5, LOOP_SET_FD, 3 [pid 5336] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5336] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... ioctl resumed>) = 0 [pid 5335] close(3) = 0 [pid 5335] mkdir("./file1", 0777 [pid 5336] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5336] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5336] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... mkdir resumed>) = 0 [pid 5335] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5334] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5336] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] <... futex resumed>) = 0 [pid 5336] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [ 65.052327][ T28] audit: type=1800 audit(1694896898.955:82): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 65.053516][ T5335] loop0: detected capacity change from 0 to 512 [pid 5334] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... write resumed>) = 262144 [pid 5336] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5336] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5335] ioctl(5, LOOP_CLR_FD) = 0 [pid 5335] close(5) = 0 [pid 5335] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] exit_group(0 [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] <... futex resumed>) = ? [pid 5334] <... exit_group resumed>) = ? [pid 5335] +++ exited with 0 +++ [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 65.093053][ T5335] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5337 attached , child_tidptr=0x555556643690) = 5337 [pid 5337] set_robust_list(0x5555566436a0, 24) = 0 [pid 5337] chdir("./81") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5337] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5338 attached => {parent_tid=[5338]}, 88) = 5338 [pid 5338] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5338] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5338] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] memfd_create("syzkaller", 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5338] <... memfd_create resumed>) = 3 [pid 5337] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5337] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5338] <... mmap resumed>) = 0x7f6a608fb000 [pid 5337] <... mprotect resumed>) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5339 attached [pid 5339] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5337] <... clone3 resumed> => {parent_tid=[5339]}, 88) = 5339 [pid 5339] <... rseq resumed>) = 0 [pid 5339] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5339] <... set_robust_list resumed>) = 0 [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5337] <... futex resumed>) = 0 [pid 5338] <... write resumed>) = 262144 [pid 5339] <... open resumed>) = 4 [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] munmap(0x7f6a608fb000, 262144 [pid 5339] <... futex resumed>) = 1 [pid 5338] <... munmap resumed>) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5339] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... openat resumed>) = 5 [pid 5338] ioctl(5, LOOP_SET_FD, 3 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5339] fallocate(-1, 0, 35143, 7 [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5339] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5339] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5339] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... mount resumed>) = 0 [pid 5339] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5339] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5339] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... open resumed>) = 6 [pid 5339] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5339] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5339] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5337] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... ioctl resumed>) = 0 [pid 5338] close(3) = 0 [pid 5338] mkdir("./file1", 0777) = 0 [pid 5338] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5339] <... write resumed>) = 262144 [pid 5339] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [ 65.187102][ T28] audit: type=1800 audit(1694896899.095:83): pid=5339 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 65.194902][ T5338] loop0: detected capacity change from 0 to 512 [pid 5339] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5338] ioctl(5, LOOP_CLR_FD) = 0 [pid 5338] close(5) = 0 [pid 5338] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] exit_group(0 [pid 5339] <... futex resumed>) = ? [pid 5337] <... exit_group resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 65.231121][ T5338] EXT4-fs (loop0): VFS: Can't find ext4 filesystem openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5340 attached , child_tidptr=0x555556643690) = 5340 [pid 5340] set_robust_list(0x5555566436a0, 24) = 0 [pid 5340] chdir("./82") = 0 [pid 5340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5340] setpgid(0, 0) = 0 [pid 5340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5340] write(3, "1000", 4) = 4 [pid 5340] close(3) = 0 [pid 5340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5340] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5340] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5341 attached => {parent_tid=[5341]}, 88) = 5341 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5341] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] memfd_create("syzkaller", 0 [pid 5340] <... futex resumed>) = 1 [pid 5341] <... memfd_create resumed>) = 3 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5341] <... mmap resumed>) = 0x7f6a6091c000 [pid 5340] <... mmap resumed>) = 0x7f6a608fb000 [pid 5340] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE [pid 5341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5340] <... mprotect resumed>) = 0 [pid 5340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} => {parent_tid=[5342]}, 88) = 5342 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... write resumed>) = 262144 [pid 5341] munmap(0x7f6a6091c000, 262144) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5341] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5341] <... ioctl resumed>) = 0 [pid 5342] <... rseq resumed>) = 0 [pid 5342] set_robust_list(0x7f6a6091b9a0, 24 [pid 5341] close(3 [pid 5342] <... set_robust_list resumed>) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] <... close resumed>) = 0 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5341] mkdir("./file1", 0777 [pid 5342] <... open resumed>) = 3 [pid 5341] <... mkdir resumed>) = 0 [pid 5341] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5342] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5342] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5342] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5342] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = 262144 [pid 5342] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [ 65.327206][ T5341] loop0: detected capacity change from 0 to 512 [ 65.335949][ T28] audit: type=1800 audit(1694896899.245:84): pid=5342 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5342] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5341] ioctl(4, LOOP_CLR_FD) = 0 [pid 5341] close(4) = 0 [pid 5341] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] exit_group(0) = ? [pid 5342] <... futex resumed>) = ? [pid 5341] <... futex resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5340, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x5555566436a0, 24) = 0 [pid 5343] chdir("./83") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 65.372506][ T5341] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 65.382258][ T5341] EXT4-fs (loop0): group descriptors corrupted! [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5343] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5344 attached [pid 5344] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5343] <... clone3 resumed> => {parent_tid=[5344]}, 88) = 5344 [pid 5344] <... rseq resumed>) = 0 [pid 5344] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... set_robust_list resumed>) = 0 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] memfd_create("syzkaller", 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5344] <... memfd_create resumed>) = 3 [pid 5343] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5343] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5344] <... mmap resumed>) = 0x7f6a608fb000 [pid 5343] <... mprotect resumed>) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5345 attached [pid 5345] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5343] <... clone3 resumed> => {parent_tid=[5345]}, 88) = 5345 [pid 5345] <... rseq resumed>) = 0 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5343] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] <... futex resumed>) = 0 [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5345] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5345] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5345] fallocate(-1, 0, 35143, 7 [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5345] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5345] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5345] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... mount resumed>) = 0 [pid 5345] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... futex resumed>) = 1 [pid 5345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5345] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... futex resumed>) = 1 [pid 5345] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190) = -1 ENOSPC (No space left on device) [pid 5345] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5345] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5344] munmap(0x7f6a608fb000, 262144) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5344] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] mkdir("./file1", 0777) = 0 [ 65.469740][ T28] audit: type=1800 audit(1694896899.375:85): pid=5345 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor126" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 65.479574][ T5344] loop0: detected capacity change from 0 to 512 [pid 5344] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5344] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./file1") = 0 [pid 5344] ioctl(6, LOOP_CLR_FD) = 0 [pid 5344] close(6) = 0 [pid 5344] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] exit_group(0 [pid 5344] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... exit_group resumed>) = ? [pid 5345] <... futex resumed>) = ? [pid 5344] <... futex resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 65.516244][ T5344] EXT4-fs (loop0): 1 orphan inode deleted [ 65.522095][ T5344] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.534796][ T5344] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/83/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5348 attached , child_tidptr=0x555556643690) = 5348 [pid 5348] set_robust_list(0x5555566436a0, 24) = 0 [pid 5348] chdir("./84") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [pid 5348] close(3) = 0 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5348] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5348] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5348] <... clone3 resumed> => {parent_tid=[5349]}, 88) = 5349 [pid 5349] <... rseq resumed>) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] <... set_robust_list resumed>) = 0 [pid 5348] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] <... futex resumed>) = 0 [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] memfd_create("syzkaller", 0 [pid 5348] <... futex resumed>) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5349] <... memfd_create resumed>) = 3 [pid 5348] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5348] <... mprotect resumed>) = 0 [pid 5349] <... mmap resumed>) = 0x7f6a608fb000 [pid 5348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5350 attached => {parent_tid=[5350]}, 88) = 5350 [pid 5350] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] <... rseq resumed>) = 0 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5348] <... futex resumed>) = 0 [pid 5350] <... set_robust_list resumed>) = 0 [pid 5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5350] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [ 65.579027][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5350] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5349] <... write resumed>) = 262144 [pid 5348] <... futex resumed>) = 1 [pid 5350] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5350] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5348] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5350] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] munmap(0x7f6a608fb000, 262144) = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5349] ioctl(5, LOOP_SET_FD, 3 [pid 5350] <... mount resumed>) = 0 [pid 5350] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... ioctl resumed>) = 0 [pid 5350] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5349] close(3 [pid 5350] <... open resumed>) = 6 [pid 5350] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5350] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5350] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5348] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... close resumed>) = 0 [pid 5349] mkdir("./file1", 0777) = 0 [pid 5349] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5350] <... write resumed>) = 262144 [pid 5350] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5349] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5349] ioctl(5, LOOP_CLR_FD [pid 5350] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... ioctl resumed>) = 0 [pid 5349] close(5) = 0 [pid 5349] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5348] <... exit_group resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5349] <... futex resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5351 attached , child_tidptr=0x555556643690) = 5351 [pid 5351] set_robust_list(0x5555566436a0, 24) = 0 [pid 5351] chdir("./85") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 65.644263][ T5349] loop0: detected capacity change from 0 to 512 [ 65.664295][ T5349] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5351] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5351] <... clone3 resumed> => {parent_tid=[5352]}, 88) = 5352 [pid 5352] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] memfd_create("syzkaller", 0 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... memfd_create resumed>) = 3 [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5351] <... futex resumed>) = 0 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a608fb000 [pid 5351] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5353 attached => {parent_tid=[5353]}, 88) = 5353 [pid 5353] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5352] <... write resumed>) = 262144 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] <... rseq resumed>) = 0 [pid 5352] munmap(0x7f6a6091c000, 262144 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] set_robust_list(0x7f6a6091b9a0, 24 [pid 5351] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... set_robust_list resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5352] <... munmap resumed>) = 0 [pid 5353] <... open resumed>) = 4 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5353] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... openat resumed>) = 5 [pid 5353] <... futex resumed>) = 1 [pid 5352] ioctl(5, LOOP_SET_FD, 3 [pid 5351] <... futex resumed>) = 0 [pid 5353] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] <... ioctl resumed>) = 0 [pid 5351] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] <... futex resumed>) = 0 [pid 5352] close(3) = 0 [pid 5352] mkdir("./file1", 0777 [pid 5353] fallocate(-1, 0, 35143, 7 [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5353] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5351] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5351] <... futex resumed>) = 0 [pid 5352] <... mkdir resumed>) = 0 [pid 5353] <... mount resumed>) = 0 [pid 5352] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... open resumed>) = 3 [pid 5353] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5351] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... write resumed>) = 262144 [pid 5353] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5352] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5352] ioctl(5, LOOP_CLR_FD) = 0 [pid 5352] close(5) = 0 [pid 5352] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5351] <... exit_group resumed>) = ? [pid 5353] <... futex resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5354 attached , child_tidptr=0x555556643690) = 5354 [pid 5354] set_robust_list(0x5555566436a0, 24) = 0 [pid 5354] chdir("./86") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [ 65.744830][ T5352] loop0: detected capacity change from 0 to 512 [ 65.760328][ T5352] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 65.772164][ T5352] EXT4-fs (loop0): group descriptors corrupted! [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5354] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5355 attached [pid 5355] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5354] <... clone3 resumed> => {parent_tid=[5355]}, 88) = 5355 [pid 5355] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... set_robust_list resumed>) = 0 [pid 5354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5354] <... futex resumed>) = 0 [pid 5355] memfd_create("syzkaller", 0 [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5355] <... memfd_create resumed>) = 3 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5354] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5355] <... mmap resumed>) = 0x7f6a608fb000 [pid 5354] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5356 attached => {parent_tid=[5356]}, 88) = 5356 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5356] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5356] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5355] <... write resumed>) = 262144 [pid 5356] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5356] fallocate(-1, 0, 35143, 7 [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5356] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5356] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] <... futex resumed>) = 0 [pid 5356] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] munmap(0x7f6a608fb000, 262144 [pid 5356] <... mount resumed>) = 0 [pid 5355] <... munmap resumed>) = 0 [pid 5356] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5356] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] <... futex resumed>) = 0 [pid 5356] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... open resumed>) = 5 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5356] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... openat resumed>) = 6 [pid 5356] <... futex resumed>) = 1 [pid 5355] ioctl(6, LOOP_SET_FD, 3 [pid 5354] <... futex resumed>) = 0 [pid 5356] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] <... futex resumed>) = 0 [pid 5356] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5354] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... ioctl resumed>) = 0 [pid 5355] close(3) = 0 [pid 5355] mkdir("./file1", 0777) = 0 [pid 5355] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5356] <... write resumed>) = 262144 [pid 5356] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5356] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5355] ioctl(6, LOOP_CLR_FD) = 0 [pid 5355] close(6) = 0 [pid 5355] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] exit_group(0) = ? [pid 5355] <... futex resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5356] <... futex resumed>) = ? [pid 5356] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5357 ./strace-static-x86_64: Process 5357 attached [ 65.861448][ T5355] loop0: detected capacity change from 0 to 512 [ 65.887328][ T5355] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5357] set_robust_list(0x5555566436a0, 24) = 0 [pid 5357] chdir("./87") = 0 [pid 5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5357] setpgid(0, 0) = 0 [pid 5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5357] write(3, "1000", 4) = 4 [pid 5357] close(3) = 0 [pid 5357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5357] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5357] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5358] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5357] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] memfd_create("syzkaller", 0 [pid 5357] <... futex resumed>) = 0 [pid 5358] <... memfd_create resumed>) = 3 [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5357] <... futex resumed>) = 0 [pid 5358] <... mmap resumed>) = 0x7f6a6091c000 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a608fb000 [pid 5357] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} => {parent_tid=[5359]}, 88) = 5359 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5357] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5359 attached [pid 5358] <... write resumed>) = 262144 [pid 5359] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5358] munmap(0x7f6a6091c000, 262144 [pid 5359] <... rseq resumed>) = 0 [pid 5359] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5358] <... munmap resumed>) = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5359] <... open resumed>) = 4 [pid 5358] ioctl(5, LOOP_SET_FD, 3 [pid 5359] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5359] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5357] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] fallocate(-1, 0, 35143, 7 [pid 5357] <... futex resumed>) = 0 [pid 5359] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] <... futex resumed>) = 0 [pid 5357] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5359] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5357] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... open resumed>) = 6 [pid 5357] <... futex resumed>) = 0 [pid 5358] <... ioctl resumed>) = 0 [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] close(3 [pid 5359] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... close resumed>) = 0 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] <... futex resumed>) = 0 [pid 5358] mkdir("./file1", 0777 [pid 5357] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5357] <... futex resumed>) = 0 [pid 5358] <... mkdir resumed>) = 0 [pid 5357] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5359] <... write resumed>) = 262144 [pid 5359] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5359] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5358] ioctl(5, LOOP_CLR_FD) = 0 [pid 5358] close(5) = 0 [pid 5358] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] exit_group(0 [pid 5358] <... futex resumed>) = ? [pid 5359] <... futex resumed>) = ? [pid 5357] <... exit_group resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ [pid 5357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 65.968913][ T5358] loop0: detected capacity change from 0 to 512 [ 65.986740][ T5358] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5360 attached , child_tidptr=0x555556643690) = 5360 [pid 5360] set_robust_list(0x5555566436a0, 24) = 0 [pid 5360] chdir("./88") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5360] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5361]}, 88) = 5361 ./strace-static-x86_64: Process 5361 attached [pid 5361] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... rseq resumed>) = 0 [pid 5361] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] memfd_create("syzkaller", 0 [pid 5360] <... futex resumed>) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5360] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5361] <... memfd_create resumed>) = 3 [pid 5360] <... mprotect resumed>) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5360] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5362 attached [pid 5362] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5360] <... clone3 resumed> => {parent_tid=[5362]}, 88) = 5362 [pid 5362] <... rseq resumed>) = 0 [pid 5362] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] <... set_robust_list resumed>) = 0 [pid 5361] <... mmap resumed>) = 0x7f6a608fb000 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5360] <... futex resumed>) = 0 [pid 5362] <... open resumed>) = 4 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... futex resumed>) = 1 [pid 5362] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5362] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5361] <... write resumed>) = 262144 [pid 5362] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5360] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5360] <... futex resumed>) = 0 [pid 5361] munmap(0x7f6a608fb000, 262144 [pid 5362] <... open resumed>) = 5 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5362] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... munmap resumed>) = 0 [pid 5360] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [pid 5362] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5360] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5362] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5360] <... futex resumed>) = 0 [pid 5362] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... openat resumed>) = 6 [pid 5361] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5361] close(3) = 0 [pid 5361] mkdir("./file1", 0777) = 0 [ 66.065769][ T5361] loop0: detected capacity change from 0 to 512 [ 66.086490][ T5361] EXT4-fs (loop0): 1 orphan inode deleted [ 66.092314][ T5361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5361] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5361] chdir("./file1") = 0 [pid 5361] ioctl(6, LOOP_CLR_FD) = 0 [pid 5361] close(6) = 0 [pid 5361] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] exit_group(0 [pid 5361] <... futex resumed>) = ? [pid 5360] <... exit_group resumed>) = ? [pid 5362] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x5555566436a0, 24) = 0 [pid 5365] chdir("./89") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5365 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.111847][ T5361] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.149274][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5365] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5366 attached => {parent_tid=[5366]}, 88) = 5366 [pid 5366] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5365] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... mprotect resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} [pid 5366] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5367 attached [pid 5365] <... clone3 resumed> => {parent_tid=[5367]}, 88) = 5367 [pid 5367] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] <... rseq resumed>) = 0 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5365] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] <... memfd_create resumed>) = 3 [pid 5365] <... futex resumed>) = 0 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5367] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... mmap resumed>) = 0x7f6a608fb000 [pid 5367] <... open resumed>) = 4 [pid 5367] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5365] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5367] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5367] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... mount resumed>) = 0 [pid 5366] <... write resumed>) = 262144 [pid 5366] munmap(0x7f6a608fb000, 262144 [pid 5367] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... munmap resumed>) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5365] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... openat resumed>) = 5 [pid 5365] <... futex resumed>) = 0 [pid 5367] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5366] ioctl(5, LOOP_SET_FD, 3 [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... open resumed>) = 6 [pid 5367] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5367] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5366] <... ioctl resumed>) = 0 [pid 5365] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] close(3) = 0 [pid 5366] mkdir("./file1", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5367] <... write resumed>) = 262144 [pid 5367] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5367] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5366] ioctl(5, LOOP_CLR_FD) = 0 [pid 5366] close(5) = 0 [pid 5366] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] exit_group(0 [pid 5366] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x5555566436a0, 24) = 0 [ 66.240178][ T5366] loop0: detected capacity change from 0 to 512 [ 66.256302][ T5366] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5368] chdir("./90" [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5368 [pid 5368] <... chdir resumed>) = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5368] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5369 attached [pid 5369] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5368] <... clone3 resumed> => {parent_tid=[5369]}, 88) = 5369 [pid 5369] <... rseq resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] <... futex resumed>) = 0 [pid 5369] memfd_create("syzkaller", 0 [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5369] <... memfd_create resumed>) = 3 [pid 5368] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5368] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5370]}, 88) = 5370 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5370] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] fallocate(-1, 0, 35143, 7 [pid 5368] <... futex resumed>) = 0 [pid 5370] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5370] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... write resumed>) = 262144 [pid 5368] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5369] munmap(0x7f6a608fb000, 262144 [pid 5370] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... munmap resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5370] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5370] <... futex resumed>) = 1 [pid 5369] <... openat resumed>) = 6 [pid 5368] <... futex resumed>) = 0 [pid 5370] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5368] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5369] ioctl(6, LOOP_SET_FD, 3 [pid 5368] <... futex resumed>) = 0 [pid 5370] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... ioctl resumed>) = 0 [pid 5370] <... futex resumed>) = 0 [pid 5368] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] close(3) = 0 [pid 5369] mkdir("./file1", 0777) = 0 [ 66.323745][ T5369] loop0: detected capacity change from 0 to 512 [ 66.349124][ T5369] EXT4-fs (loop0): 1 orphan inode deleted [ 66.355042][ T5369] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5369] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file1") = 0 [pid 5369] ioctl(6, LOOP_CLR_FD) = 0 [pid 5369] close(6) = 0 [pid 5369] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 66.368551][ T5369] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.409404][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x5555566436a0, 24) = 0 [pid 5373] chdir("./91") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5373] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5374 attached [pid 5374] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5373] <... clone3 resumed> => {parent_tid=[5374]}, 88) = 5374 [pid 5374] <... rseq resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] memfd_create("syzkaller", 0 [pid 5373] <... futex resumed>) = 0 [pid 5374] <... memfd_create resumed>) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5373] <... mmap resumed>) = 0x7f6a608fb000 [pid 5373] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] <... write resumed>) = 262144 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5374] munmap(0x7f6a6091c000, 262144 [pid 5373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} [pid 5374] <... munmap resumed>) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5374] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5375 attached ) = 0 [pid 5373] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5375] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5374] close(3 [pid 5375] <... rseq resumed>) = 0 [pid 5374] <... close resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5375] set_robust_list(0x7f6a6091b9a0, 24 [pid 5374] mkdir("./file1", 0777 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] <... set_robust_list resumed>) = 0 [pid 5374] <... mkdir resumed>) = 0 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5374] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5375] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 3 [pid 5375] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5373] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] fallocate(-1, 0, 35143, 7 [pid 5373] <... futex resumed>) = 0 [pid 5375] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5375] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 5 [pid 5375] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5373] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... write resumed>) = 262144 [pid 5375] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [ 66.493487][ T5374] loop0: detected capacity change from 0 to 512 [ 66.516762][ T5376] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 66.520490][ T5374] EXT4-fs error (device loop0): __ext4_fill_super:5473: comm syz-executor126: inode #2: comm syz-executor126: iget: illegal inode # [pid 5375] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5374] ioctl(4, LOOP_CLR_FD) = 0 [pid 5374] close(4) = 0 [pid 5374] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] exit_group(0 [pid 5374] <... futex resumed>) = ? [pid 5373] <... exit_group resumed>) = ? [pid 5375] <... futex resumed>) = ? [pid 5375] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5378 ./strace-static-x86_64: Process 5378 attached [ 66.541881][ T5374] EXT4-fs (loop0): get root inode failed [ 66.547812][ T5374] EXT4-fs (loop0): mount failed [pid 5378] set_robust_list(0x5555566436a0, 24) = 0 [pid 5378] chdir("./92") = 0 [pid 5378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5378] setpgid(0, 0) = 0 [pid 5378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5378] write(3, "1000", 4) = 4 [pid 5378] close(3) = 0 [pid 5378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5378] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5378] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5379 attached => {parent_tid=[5379]}, 88) = 5379 [pid 5379] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] <... rseq resumed>) = 0 [pid 5378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5379] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5379] memfd_create("syzkaller", 0 [pid 5378] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5378] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5379] <... memfd_create resumed>) = 3 [pid 5378] <... mprotect resumed>) = 0 [pid 5379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5378] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5379] <... mmap resumed>) = 0x7f6a608fb000 [pid 5378] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0} => {parent_tid=[5380]}, 88) = 5380 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5380 attached [pid 5379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5380] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5380] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5380] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5379] <... write resumed>) = 262144 [pid 5380] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5380] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] <... futex resumed>) = 0 [pid 5380] fallocate(-1, 0, 35143, 7 [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5380] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5380] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] <... futex resumed>) = 0 [pid 5380] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] munmap(0x7f6a608fb000, 262144 [pid 5380] <... mount resumed>) = 0 [pid 5379] <... munmap resumed>) = 0 [pid 5379] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5380] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... openat resumed>) = 5 [pid 5380] <... futex resumed>) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5380] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] <... futex resumed>) = 0 [pid 5380] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] ioctl(5, LOOP_SET_FD, 3 [pid 5380] <... open resumed>) = 6 [pid 5379] <... ioctl resumed>) = 0 [pid 5379] close(3) = 0 [pid 5379] mkdir("./file1", 0777 [pid 5380] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5378] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... mkdir resumed>) = 0 [pid 5379] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5380] <... write resumed>) = 262144 [pid 5380] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5380] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5379] ioctl(5, LOOP_CLR_FD) = 0 [pid 5379] close(5) = 0 [pid 5379] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] exit_group(0 [pid 5379] <... futex resumed>) = ? [pid 5378] <... exit_group resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5380] <... futex resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5378, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 66.643670][ T5379] loop0: detected capacity change from 0 to 512 [ 66.662428][ T5379] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x5555566436a0, 24) = 0 [pid 5381] chdir("./93") = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5381 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5381] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5382 attached [pid 5382] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5382] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5382] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... clone3 resumed> => {parent_tid=[5382]}, 88) = 5382 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5381] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] memfd_create("syzkaller", 0 [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] <... memfd_create resumed>) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a6091c000 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5381] <... mmap resumed>) = 0x7f6a608fb000 [pid 5381] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5382] <... write resumed>) = 262144 [pid 5381] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5382] munmap(0x7f6a6091c000, 262144 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} [pid 5382] <... munmap resumed>) = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5381] <... clone3 resumed> => {parent_tid=[5383]}, 88) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5382] <... openat resumed>) = 4 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] <... rseq resumed>) = 0 [pid 5382] ioctl(4, LOOP_SET_FD, 3 [pid 5383] set_robust_list(0x7f6a6091b9a0, 24 [pid 5382] <... ioctl resumed>) = 0 [pid 5381] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... set_robust_list resumed>) = 0 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] <... futex resumed>) = 0 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] close(3 [pid 5383] <... open resumed>) = 5 [pid 5383] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] <... close resumed>) = 0 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5382] mkdir("./file1", 0777 [pid 5381] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... mkdir resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5383] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5382] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5383] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] <... futex resumed>) = 0 [pid 5383] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... mount resumed>) = 0 [pid 5383] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] <... futex resumed>) = 0 [pid 5381] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5383] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] <... futex resumed>) = 0 [pid 5383] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5381] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... write resumed>) = 262144 [pid 5383] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5383] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5382] ioctl(4, LOOP_CLR_FD) = 0 [pid 5382] close(4) = 0 [pid 5382] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] exit_group(0 [pid 5383] <... futex resumed>) = ? [pid 5381] <... exit_group resumed>) = ? [pid 5383] +++ exited with 0 +++ [pid 5382] <... futex resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5381, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5384 attached , child_tidptr=0x555556643690) = 5384 [pid 5384] set_robust_list(0x5555566436a0, 24) = 0 [pid 5384] chdir("./94") = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [ 66.752337][ T5382] loop0: detected capacity change from 0 to 512 [ 66.772420][ T5382] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5384] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5385 attached => {parent_tid=[5385]}, 88) = 5385 [pid 5385] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] <... set_robust_list resumed>) = 0 [pid 5384] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] <... futex resumed>) = 0 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] memfd_create("syzkaller", 0 [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] <... memfd_create resumed>) = 3 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5384] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5385] <... mmap resumed>) = 0x7f6a608fb000 [pid 5384] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5386 attached => {parent_tid=[5386]}, 88) = 5386 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] <... rseq resumed>) = 0 [pid 5384] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5384] <... futex resumed>) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5386] <... open resumed>) = 4 [pid 5385] <... write resumed>) = 262144 [pid 5385] munmap(0x7f6a608fb000, 262144 [pid 5386] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5386] fallocate(-1, 0, 35143, 7 [pid 5385] <... munmap resumed>) = 0 [pid 5386] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... openat resumed>) = 5 [pid 5384] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5386] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5385] ioctl(5, LOOP_SET_FD, 3 [pid 5386] <... mount resumed>) = 0 [pid 5385] <... ioctl resumed>) = 0 [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] close(3) = 0 [pid 5385] mkdir("./file1", 0777) = 0 [pid 5385] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5386] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5386] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5386] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5384] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... write resumed>) = 262144 [pid 5386] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5386] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5385] ioctl(5, LOOP_CLR_FD) = 0 [pid 5385] close(5) = 0 [pid 5385] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] exit_group(0 [pid 5386] <... futex resumed>) = ? [pid 5385] <... futex resumed>) = ? [pid 5384] <... exit_group resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5384, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 [ 66.863608][ T5385] loop0: detected capacity change from 0 to 512 [ 66.890030][ T5385] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 66.899899][ T5385] EXT4-fs (loop0): group descriptors corrupted! close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5387 attached , child_tidptr=0x555556643690) = 5387 [pid 5387] set_robust_list(0x5555566436a0, 24) = 0 [pid 5387] chdir("./95") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5387] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5388 attached => {parent_tid=[5388]}, 88) = 5388 [pid 5388] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] <... set_robust_list resumed>) = 0 [pid 5387] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] <... futex resumed>) = 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] memfd_create("syzkaller", 0 [pid 5387] <... futex resumed>) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5388] <... memfd_create resumed>) = 3 [pid 5387] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5387] <... mprotect resumed>) = 0 [pid 5388] <... mmap resumed>) = 0x7f6a608fb000 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5387] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5387] <... clone3 resumed> => {parent_tid=[5389]}, 88) = 5389 [pid 5389] set_robust_list(0x7f6a68d1b9a0, 24) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5387] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... open resumed>) = 4 [pid 5389] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... write resumed>) = 262144 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5389] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] munmap(0x7f6a608fb000, 262144 [pid 5389] <... mount resumed>) = 0 [pid 5389] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5387] <... futex resumed>) = 0 [pid 5389] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5388] <... munmap resumed>) = 0 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... open resumed>) = 5 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5389] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... openat resumed>) = 6 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] ioctl(6, LOOP_SET_FD, 3 [pid 5389] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5388] <... ioctl resumed>) = 0 [pid 5388] close(3) = 0 [pid 5388] mkdir("./file1", 0777) = 0 [pid 5388] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5389] <... write resumed>) = 262144 [pid 5389] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5388] ioctl(6, LOOP_CLR_FD) = 0 [pid 5388] close(6) = 0 [pid 5388] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] exit_group(0 [pid 5389] <... futex resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ [pid 5387] <... exit_group resumed>) = ? [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 66.986353][ T5388] loop0: detected capacity change from 0 to 512 [ 67.004021][ T5388] EXT4-fs (loop0): VFS: Can't find ext4 filesystem newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556643690) = 5390 ./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x5555566436a0, 24) = 0 [pid 5390] chdir("./96") = 0 [pid 5390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5390] setpgid(0, 0) = 0 [pid 5390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5390] write(3, "1000", 4) = 4 [pid 5390] close(3) = 0 [pid 5390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5390] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5390] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5391 attached [pid 5391] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5390] <... clone3 resumed> => {parent_tid=[5391]}, 88) = 5391 [pid 5391] <... rseq resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5390] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... futex resumed>) = 0 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] memfd_create("syzkaller", 0 [pid 5390] <... futex resumed>) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5391] <... memfd_create resumed>) = 3 [pid 5390] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5390] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE [pid 5391] <... mmap resumed>) = 0x7f6a608fb000 [pid 5390] <... mprotect resumed>) = 0 [pid 5391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5390] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5392] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] <... set_robust_list resumed>) = 0 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... write resumed>) = 262144 [pid 5390] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] munmap(0x7f6a608fb000, 262144 [pid 5390] <... futex resumed>) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5392] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5391] <... munmap resumed>) = 0 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5392] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] <... openat resumed>) = 5 [pid 5391] ioctl(5, LOOP_SET_FD, 3 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5392] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5392] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5392] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] write(6, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5391] <... ioctl resumed>) = 0 [pid 5391] close(3) = 0 [pid 5391] mkdir("./file1", 0777) = 0 [pid 5391] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5392] <... write resumed>) = 262144 [pid 5392] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5392] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5391] ioctl(5, LOOP_CLR_FD) = 0 [pid 5391] close(5) = 0 [pid 5391] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] exit_group(0 [pid 5391] <... futex resumed>) = ? [pid 5390] <... exit_group resumed>) = ? [pid 5392] <... futex resumed>) = ? [pid 5391] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5390, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 67.087587][ T5391] loop0: detected capacity change from 0 to 512 [ 67.102798][ T5391] EXT4-fs (loop0): VFS: Can't find ext4 filesystem rmdir("./96/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5393 attached , child_tidptr=0x555556643690) = 5393 [pid 5393] set_robust_list(0x5555566436a0, 24) = 0 [pid 5393] chdir("./97") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5393] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5394 attached => {parent_tid=[5394]}, 88) = 5394 [pid 5394] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5393] <... futex resumed>) = 0 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5394] <... mmap resumed>) = 0x7f6a6091c000 [pid 5393] <... mmap resumed>) = 0x7f6a608fb000 [pid 5393] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0} [pid 5394] <... write resumed>) = 262144 [pid 5394] munmap(0x7f6a6091c000, 262144) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5395 attached [pid 5395] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5393] <... clone3 resumed> => {parent_tid=[5395]}, 88) = 5395 [pid 5395] <... rseq resumed>) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] set_robust_list(0x7f6a6091b9a0, 24 [pid 5394] <... ioctl resumed>) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] <... set_robust_list resumed>) = 0 [pid 5394] close(3 [pid 5393] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] <... close resumed>) = 0 [pid 5393] <... futex resumed>) = 0 [pid 5394] mkdir("./file1", 0777 [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 3 [pid 5394] <... mkdir resumed>) = 0 [pid 5394] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5395] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5395] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5393] <... futex resumed>) = 1 [pid 5395] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... mount resumed>) = 0 [pid 5395] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] <... futex resumed>) = 0 [pid 5395] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... open resumed>) = 5 [pid 5395] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5393] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... write resumed>) = 262144 [pid 5395] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [pid 5394] close(4) = 0 [pid 5394] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] exit_group(0 [pid 5395] <... futex resumed>) = ? [pid 5394] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5395] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 67.188966][ T5394] loop0: detected capacity change from 0 to 512 [ 67.213697][ T5394] EXT4-fs (loop0): get root inode failed [ 67.219859][ T5394] EXT4-fs (loop0): mount failed clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5398 attached [pid 5398] set_robust_list(0x5555566436a0, 24) = 0 [pid 5398] chdir("./98") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] <... clone resumed>, child_tidptr=0x555556643690) = 5398 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5398] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5399 attached => {parent_tid=[5399]}, 88) = 5399 [pid 5399] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] <... rseq resumed>) = 0 [pid 5399] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] memfd_create("syzkaller", 0 [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... memfd_create resumed>) = 3 [pid 5398] <... futex resumed>) = 0 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5399] <... mmap resumed>) = 0x7f6a6091c000 [pid 5398] <... mmap resumed>) = 0x7f6a608fb000 [pid 5398] mprotect(0x7f6a608fc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a6091b990, parent_tid=0x7f6a6091b990, exit_signal=0, stack=0x7f6a608fb000, stack_size=0x20300, tls=0x7f6a6091b6c0}./strace-static-x86_64: Process 5400 attached [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5400] rseq(0x7f6a6091bfe0, 0x20, 0, 0x53053053 [pid 5398] <... clone3 resumed> => {parent_tid=[5400]}, 88) = 5400 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... write resumed>) = 262144 [pid 5399] munmap(0x7f6a6091c000, 262144 [pid 5400] <... rseq resumed>) = 0 [pid 5399] <... munmap resumed>) = 0 [pid 5400] set_robust_list(0x7f6a6091b9a0, 24) = 0 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5400] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5400] <... open resumed>) = 4 [pid 5400] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... openat resumed>) = 5 [pid 5398] <... futex resumed>) = 0 [pid 5399] ioctl(5, LOOP_SET_FD, 3 [pid 5398] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5399] <... ioctl resumed>) = 0 [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5399] close(3 [pid 5400] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... close resumed>) = 0 [pid 5398] <... futex resumed>) = 0 [pid 5399] mkdir("./file1", 0777 [pid 5398] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5400] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... mount resumed>) = 0 [pid 5400] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5400] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5400] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5398] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... mkdir resumed>) = 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5400] <... write resumed>) = 262144 [pid 5400] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5400] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5399] ioctl(5, LOOP_CLR_FD) = 0 [pid 5399] close(5) = 0 [pid 5399] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] exit_group(0) = ? [pid 5400] <... futex resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x555556643690) = 5401 [pid 5401] set_robust_list(0x5555566436a0, 24) = 0 [pid 5401] chdir("./99") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [ 67.308958][ T5399] loop0: detected capacity change from 0 to 512 [ 67.330091][ T5399] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5401] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0} => {parent_tid=[5402]}, 88) = 5402 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5402 attached [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68cfb000 [pid 5401] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5403 attached [pid 5402] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053 [pid 5403] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053 [pid 5401] <... clone3 resumed> => {parent_tid=[5403]}, 88) = 5403 [pid 5403] <... rseq resumed>) = 0 [pid 5402] <... rseq resumed>) = 0 [pid 5403] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5402] set_robust_list(0x7f6a68d3c9a0, 24 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] <... set_robust_list resumed>) = 0 [pid 5402] <... set_robust_list resumed>) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] memfd_create("syzkaller", 0 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] <... memfd_create resumed>) = 3 [pid 5401] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5401] <... futex resumed>) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5402] <... mmap resumed>) = 0x7f6a608fb000 [pid 5403] <... open resumed>) = 4 [pid 5403] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] fallocate(-1, 0, 35143, 7) = -1 EBADF (Bad file descriptor) [pid 5403] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5401] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 5403] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5401] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... open resumed>) = 5 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... write resumed>) = 262144 [pid 5403] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] munmap(0x7f6a608fb000, 262144 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... munmap resumed>) = 0 [pid 5401] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5401] <... futex resumed>) = 1 [pid 5403] write(5, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5402] <... openat resumed>) = 6 [pid 5401] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5402] ioctl(6, LOOP_SET_FD, 3 [pid 5403] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5402] <... ioctl resumed>) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./file1", 0777) = 0 [pid 5402] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 5402] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file1") = 0 [pid 5402] ioctl(6, LOOP_CLR_FD) = 0 [pid 5402] close(6) = 0 [pid 5402] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] exit_group(0) = ? [pid 5402] <... futex resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5403] <... futex resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556644730 /* 5 entries */, 32768) = 136 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 67.437179][ T5402] loop0: detected capacity change from 0 to 512 [ 67.456601][ T5402] EXT4-fs (loop0): 1 orphan inode deleted [ 67.462397][ T5402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.475010][ T5402] ext4 filesystem being mounted at /root/syzkaller.rPZj0Z/99/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555664c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555664c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x555556644730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5406 attached , child_tidptr=0x555556643690) = 5406 [pid 5406] set_robust_list(0x5555566436a0, 24) = 0 [pid 5406] chdir("./100") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7f6a68e086cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a68da5f30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a68d970e0}, NULL, 8) = 0 [pid 5406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a68d1c000 [pid 5406] mprotect(0x7f6a68d1d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d3c990, parent_tid=0x7f6a68d3c990, exit_signal=0, stack=0x7f6a68d1c000, stack_size=0x20300, tls=0x7f6a68d3c6c0}./strace-static-x86_64: Process 5407 attached [pid 5407] rseq(0x7f6a68d3cfe0, 0x20, 0, 0x53053053) = 0 [pid 5407] set_robust_list(0x7f6a68d3c9a0, 24) = 0 [pid 5406] <... clone3 resumed> => {parent_tid=[5407]}, 88) = 5407 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] futex(0x7f6a68e086c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] futex(0x7f6a68e086c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] memfd_create("syzkaller", 0 [pid 5406] <... futex resumed>) = 0 [pid 5407] <... memfd_create resumed>) = 3 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 67.518597][ T5028] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a608fb000 [pid 5406] <... mmap resumed>) = 0x7f6a68cfb000 [pid 5406] mprotect(0x7f6a68cfc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a68d1b990, parent_tid=0x7f6a68d1b990, exit_signal=0, stack=0x7f6a68cfb000, stack_size=0x20300, tls=0x7f6a68d1b6c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f6a68d1bfe0, 0x20, 0, 0x53053053) = 0 [pid 5406] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5406] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] set_robust_list(0x7f6a68d1b9a0, 24 [pid 5407] <... write resumed>) = 262144 [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] munmap(0x7f6a608fb000, 262144 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5407] <... munmap resumed>) = 0 [pid 5408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5408] <... open resumed>) = 4 [pid 5408] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... openat resumed>) = 5 [pid 5407] ioctl(5, LOOP_SET_FD, 3 [pid 5408] <... futex resumed>) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5408] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] fallocate(-1, 0, 35143, 7 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... ioctl resumed>) = 0 [pid 5407] close(3) = 0 [pid 5407] mkdir("./file1", 0777 [pid 5408] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5408] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5408] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 5406] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... mkdir resumed>) = 0 [pid 5407] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 5408] <... mount resumed>) = 0 [pid 5406] <... futex resumed>) = 0 [pid 5408] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] futex(0x7f6a68e086d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5408] futex(0x7f6a68e086dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5408] <... futex resumed>) = 1 [pid 5406] futex(0x7f6a68e086d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] write(3, "\x00\xbf\xd1\x68\x73\x7b\x26\x9a\x7e\x32\xe9\x93\xce\x10\x60\x42\xaa\xa5\xc8\x9f\x1a\xa1\x52\xd7\xab\xe5\xbb\xaa\x9c\xac\x31\xb2\x75\x03\xdf\x50\x07\x14\xd7\x94\x63\x48\x62\xc1\xe6\x0c\x6e\x22\xf9\x25\x56\x71\x3c\x0f\xe9\xf4\xe1\xdc\x7d\x5c\xea\x09\x88\xba\xf0\x3e\xfe\xbb\x63\xbd\x7a\x59\x83\xf0\x81\xf8\x11\xf1\x97\xb7\x8a\x5f\x5e\x95\x83\x8c\xc9\x0e\x44\xd8\x37\x7d\x0e\x0d\xc5\xbf\xcc\xf5\xb2\x4d"..., 22455190 [pid 5406] <... futex resumed>) = 0 [ 67.589237][ T5407] loop0: detected capacity change from 0 to 512 [ 67.610314][ T5408] ------------[ cut here ]------------ [ 67.615921][ T5408] kernel BUG at fs/buffer.c:2028! [ 67.620957][ T5408] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 67.627007][ T5408] CPU: 1 PID: 5408 Comm: syz-executor126 Not tainted 6.6.0-rc1-syzkaller-00196-g57d88e8a5974 #0 [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5406] futex(0x7f6a68e086dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 67.637393][ T5408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 67.647446][ T5408] RIP: 0010:__block_write_begin_int+0x18f7/0x1a40 [ 67.653900][ T5408] Code: 1f 07 85 ff 48 8b 7c 24 08 48 c7 c6 e0 21 18 8b e8 fe 89 c6 ff 0f 0b e8 07 07 85 ff eb 13 e8 00 07 85 ff eb c7 e8 f9 06 85 ff <0f> 0b e8 f2 06 85 ff 48 8b 7c 24 08 48 c7 c6 e0 21 18 8b e8 d1 89 [ 67.673490][ T5408] RSP: 0018:ffffc90004c9f520 EFLAGS: 00010293 [ 67.679544][ T5408] RAX: ffffffff82089ca7 RBX: 0000000000040000 RCX: ffff88801dad5940 [ 67.687495][ T5408] RDX: 0000000000000000 RSI: 0000000000040000 RDI: 00000000000dc000 [ 67.695449][ T5408] RBP: ffffc90004c9f6b0 R08: ffffffff82088d12 R09: 1ffff1100ebfdd22 [ 67.703402][ T5408] R10: dffffc0000000000 R11: ffffed100ebfdd23 R12: 00000000000dc000 [ 67.711366][ T5408] R13: 0000000000000400 R14: 0000000000000000 R15: ffff888075fee910 [ 67.719332][ T5408] FS: 00007f6a68d1b6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 67.728247][ T5408] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5406] exit_group(0) = ? [ 67.734812][ T5408] CR2: 0000000020042000 CR3: 0000000027861000 CR4: 00000000003506e0 [ 67.742773][ T5408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.750731][ T5408] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.758711][ T5408] Call Trace: [ 67.762002][ T5408] [ 67.764923][ T5408] ? __die_body+0x8b/0xe0 [ 67.769265][ T5408] ? die+0xa1/0xd0 [ 67.772983][ T5408] ? do_trap+0x153/0x380 [ 67.777252][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.783060][ T5408] ? do_error_trap+0x1dc/0x2c0 [ 67.787807][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.793596][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.799383][ T5408] ? do_int3+0x50/0x50 [ 67.803441][ T5408] ? report_bug+0x3e4/0x500 [ 67.807944][ T5408] ? handle_invalid_op+0x34/0x40 [ 67.812861][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.818646][ T5408] ? exc_invalid_op+0x33/0x50 [ 67.823316][ T5408] ? asm_exc_invalid_op+0x1a/0x20 [ 67.828329][ T5408] ? __block_write_begin_int+0x962/0x1a40 [ 67.834030][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.839815][ T5408] ? __block_write_begin_int+0x18f7/0x1a40 [ 67.845610][ T5408] ? folio_add_lru+0x6f0/0x6f0 [ 67.850381][ T5408] ? folio_zero_new_buffers+0x530/0x530 [ 67.855911][ T5408] ? __filemap_get_folio+0x8f1/0xbb0 [ 67.861179][ T5408] iomap_write_begin+0xaf6/0x1f00 [ 67.866194][ T5408] ? bio_next_folio+0x630/0x630 [ 67.871032][ T5408] ? rcu_lock_release+0x5/0x30 [ 67.875780][ T5408] ? __lock_acquire+0x7f70/0x7f70 [ 67.880789][ T5408] ? fault_in_readable+0x1a6/0x2b0 [ 67.885882][ T5408] ? fault_in_safe_writeable+0x260/0x260 [ 67.891498][ T5408] ? fault_in_iov_iter_readable+0xdf/0x280 [ 67.897285][ T5408] iomap_file_buffered_write+0x587/0x1020 [ 67.902995][ T5408] ? iomap_set_range_dirty+0x1e0/0x1e0 [ 67.908436][ T5408] ? __mnt_want_write+0x87/0x2b0 [ 67.913364][ T5408] ? __mark_inode_dirty+0x3e7/0xd90 [ 67.918544][ T5408] ? preempt_count_add+0x93/0x180 [ 67.923550][ T5408] ? __mnt_drop_write_file+0xbb/0x100 [ 67.928914][ T5408] ? file_update_time+0x19c/0x1b0 [ 67.933929][ T5408] blkdev_write_iter+0x3f5/0x5b0 [ 67.938853][ T5408] vfs_write+0x782/0xaf0 [ 67.943082][ T5408] ? file_end_write+0x250/0x250 [ 67.947914][ T5408] ? __fget_files+0x3cf/0x440 [ 67.952575][ T5408] ? __fdget_pos+0x1df/0x340 [ 67.957149][ T5408] ? ksys_write+0x7b/0x2c0 [ 67.961555][ T5408] ksys_write+0x1a0/0x2c0 [ 67.965883][ T5408] ? __ia32_sys_read+0x90/0x90 [ 67.970637][ T5408] ? syscall_enter_from_user_mode+0x32/0x230 [ 67.976608][ T5408] ? syscall_enter_from_user_mode+0x8c/0x230 [ 67.982574][ T5408] do_syscall_64+0x41/0xc0 [ 67.986975][ T5408] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.992851][ T5408] RIP: 0033:0x7f6a68d7fb19 [ 67.997254][ T5408] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 68.016850][ T5408] RSP: 002b:00007f6a68d1b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.025267][ T5408] RAX: ffffffffffffffda RBX: 00007f6a68e086d8 RCX: 00007f6a68d7fb19 [ 68.033223][ T5408] RDX: 000000000156a396 RSI: 0000000020002a40 RDI: 0000000000000003 [ 68.041176][ T5408] RBP: 00007f6a68e086d0 R08: 0000000000000000 R09: 0000000000000000 [ 68.049137][ T5408] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a68dd46d0 [ 68.057097][ T5408] R13: 00007f6a68dd40c0 R14: 0031656c69662f2e R15: 6f6f6c2f7665642f [ 68.065059][ T5408] [ 68.068073][ T5408] Modules linked in: [ 68.072336][ T5408] ---[ end trace 0000000000000000 ]--- [ 68.077810][ T5408] RIP: 0010:__block_write_begin_int+0x18f7/0x1a40 [ 68.084251][ T5408] Code: 1f 07 85 ff 48 8b 7c 24 08 48 c7 c6 e0 21 18 8b e8 fe 89 c6 ff 0f 0b e8 07 07 85 ff eb 13 e8 00 07 85 ff eb c7 e8 f9 06 85 ff <0f> 0b e8 f2 06 85 ff 48 8b 7c 24 08 48 c7 c6 e0 21 18 8b e8 d1 89 [ 68.104041][ T5408] RSP: 0018:ffffc90004c9f520 EFLAGS: 00010293 [ 68.110118][ T5408] RAX: ffffffff82089ca7 RBX: 0000000000040000 RCX: ffff88801dad5940 [ 68.118124][ T5408] RDX: 0000000000000000 RSI: 0000000000040000 RDI: 00000000000dc000 [ 68.126395][ T5408] RBP: ffffc90004c9f6b0 R08: ffffffff82088d12 R09: 1ffff1100ebfdd22 [ 68.134423][ T5408] R10: dffffc0000000000 R11: ffffed100ebfdd23 R12: 00000000000dc000 [ 68.142427][ T5408] R13: 0000000000000400 R14: 0000000000000000 R15: ffff888075fee910 [ 68.150382][ T5408] FS: 00007f6a68d1b6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 68.159389][ T5408] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.166001][ T5408] CR2: 0000000020042000 CR3: 0000000027861000 CR4: 00000000003506e0 [ 68.173988][ T5408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.182009][ T5408] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.190076][ T5408] Kernel panic - not syncing: Fatal exception [ 68.196300][ T5408] Kernel Offset: disabled [ 68.200612][ T5408] Rebooting in 86400 seconds..