./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor663077527 <...> Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts. execve("./syz-executor663077527", ["./syz-executor663077527"], 0x7ffc57d8a2d0 /* 10 vars */) = 0 brk(NULL) = 0x555577320000 brk(0x555577320e00) = 0x555577320e00 arch_prctl(ARCH_SET_FS, 0x555577320480) = 0 set_tid_address(0x555577320750) = 5083 set_robust_list(0x555577320760, 24) = 0 rseq(0x555577320da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor663077527", 4096) = 27 getrandom("\x53\xd8\xee\xf1\xfe\xc5\xf6\x5a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555577320e00 brk(0x555577341e00) = 0x555577341e00 brk(0x555577342000) = 0x555577342000 mprotect(0x7fb11b493000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fb11b3e8940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb11b3f1670}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fb11b3e8940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb11b3f1670}, NULL, 8) = 0 mkdir("./syzkaller.SPKsY5", 0700) = 0 chmod("./syzkaller.SPKsY5", 0777) = 0 chdir("./syzkaller.SPKsY5") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555577320760, 24 [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5084 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5084] chdir("./0") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5084] munmap(0x7fb112e00000, 138412032) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] close(4) = 0 [pid 5084] mkdir("./bus", 0777) = 0 [ 76.985147][ T5084] loop0: detected capacity change from 0 to 512 [pid 5084] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./bus") = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5084] mkdir("./bus", 0777) = 0 [pid 5084] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5084] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 77.032968][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.045571][ T5084] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5084] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5084] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5084] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 77.110339][ T28] audit: type=1800 audit(1713679958.959:2): pid=5084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 77.133718][ T28] audit: type=1800 audit(1713679958.989:3): pid=5084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 77.173926][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x555577320760, 24) = 0 [pid 5089] chdir("./1") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5089] munmap(0x7fb112e00000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] close(4) = 0 [pid 5089] mkdir("./bus", 0777) = 0 [ 77.351115][ T5089] loop0: detected capacity change from 0 to 512 [pid 5089] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./bus") = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5089] mkdir("./bus", 0777) = 0 [pid 5089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5089] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5089] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 77.407297][ T5089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.420116][ T5089] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/1/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5089] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5089] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 77.459715][ T28] audit: type=1800 audit(1713679959.309:4): pid=5089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 77.481053][ T28] audit: type=1800 audit(1713679959.309:5): pid=5089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 77.530111][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x555577320750) = 5092 [pid 5092] set_robust_list(0x555577320760, 24) = 0 [pid 5092] chdir("./2") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5092] munmap(0x7fb112e00000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./bus", 0777) = 0 [ 77.734962][ T5092] loop0: detected capacity change from 0 to 512 [ 77.769705][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5092] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./bus") = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] mkdir("./bus", 0777) = 0 [pid 5092] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5092] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 77.782452][ T5092] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/2/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5092] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5092] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5092] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 77.854695][ T28] audit: type=1800 audit(1713679959.709:6): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 77.877000][ T28] audit: type=1800 audit(1713679959.729:7): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 77.912419][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555577320750) = 5095 [pid 5095] set_robust_list(0x555577320760, 24) = 0 [pid 5095] chdir("./3") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5095] munmap(0x7fb112e00000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] close(4) = 0 [pid 5095] mkdir("./bus", 0777) = 0 [ 78.064925][ T5095] loop0: detected capacity change from 0 to 512 [pid 5095] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5095] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./bus") = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.116427][ T5095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.129324][ T5095] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5095] mkdir("./bus", 0777) = 0 [pid 5095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5095] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5095] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5095] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5095] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5095] exit_group(0) = ? [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 78.223281][ T28] audit: type=1800 audit(1713679960.079:8): pid=5095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 78.244168][ T28] audit: type=1800 audit(1713679960.079:9): pid=5095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 78.299669][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x555577320750) = 5098 [pid 5098] set_robust_list(0x555577320760, 24) = 0 [pid 5098] chdir("./4") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5098] munmap(0x7fb112e00000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./bus", 0777) = 0 [ 78.464694][ T5098] loop0: detected capacity change from 0 to 512 [pid 5098] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./bus") = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.516060][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.528604][ T5098] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5098] mkdir("./bus", 0777) = 0 [pid 5098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5098] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5098] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5098] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5098] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 78.597236][ T28] audit: type=1800 audit(1713679960.449:10): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 78.618195][ T28] audit: type=1800 audit(1713679960.459:11): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 [ 78.676822][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x555577320750) = 5101 [pid 5101] set_robust_list(0x555577320760, 24) = 0 [pid 5101] chdir("./5") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5101] munmap(0x7fb112e00000, 138412032) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] close(4) = 0 [pid 5101] mkdir("./bus", 0777) = 0 [ 78.914657][ T5101] loop0: detected capacity change from 0 to 512 [pid 5101] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5101] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./bus") = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.956399][ T5101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.969014][ T5101] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5101] mkdir("./bus", 0777) = 0 [pid 5101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5101] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5101] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5101] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5101] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5101] exit_group(0) = ? [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 79.057440][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555577320750) = 5104 [pid 5104] set_robust_list(0x555577320760, 24) = 0 [pid 5104] chdir("./6") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5104] munmap(0x7fb112e00000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] close(4) = 0 [pid 5104] mkdir("./bus", 0777) = 0 [ 79.246914][ T5104] loop0: detected capacity change from 0 to 512 [pid 5104] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./bus") = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5104] mkdir("./bus", 0777) = 0 [pid 5104] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5104] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5104] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5104] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5104] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 79.285934][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.298565][ T5104] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/6/bus supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.366021][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x555577320750) = 5107 [pid 5107] set_robust_list(0x555577320760, 24) = 0 [pid 5107] chdir("./7") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5107] munmap(0x7fb112e00000, 138412032) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] close(4) = 0 [pid 5107] mkdir("./bus", 0777) = 0 [ 79.525517][ T5107] loop0: detected capacity change from 0 to 512 [pid 5107] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./bus") = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5107] mkdir("./bus", 0777) = 0 [pid 5107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 79.566230][ T5107] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.578885][ T5107] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5107] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5107] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5107] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5107] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5107] exit_group(0) = ? [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 79.690394][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555577320750) = 5110 [pid 5110] set_robust_list(0x555577320760, 24) = 0 [pid 5110] chdir("./8") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5110] munmap(0x7fb112e00000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./bus", 0777) = 0 [ 79.953743][ T5110] loop0: detected capacity change from 0 to 512 [pid 5110] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./bus") = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.006556][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.019647][ T5110] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5110] mkdir("./bus", 0777) = 0 [pid 5110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5110] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5110] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5110] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5110] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 80.091271][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x555577320750) = 5114 [pid 5114] set_robust_list(0x555577320760, 24) = 0 [pid 5114] chdir("./9") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5114] munmap(0x7fb112e00000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] close(4) = 0 [pid 5114] mkdir("./bus", 0777) = 0 [ 80.313584][ T5114] loop0: detected capacity change from 0 to 512 [ 80.346679][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5114] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./bus") = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5114] mkdir("./bus", 0777) = 0 [pid 5114] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5114] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5114] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5114] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5114] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 80.359319][ T5114] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/9/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.439891][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x555577320750) = 5117 [pid 5117] set_robust_list(0x555577320760, 24) = 0 [pid 5117] chdir("./10") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5117] munmap(0x7fb112e00000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] close(4) = 0 [pid 5117] mkdir("./bus", 0777) = 0 [ 80.683117][ T5117] loop0: detected capacity change from 0 to 512 [pid 5117] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./bus") = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5117] mkdir("./bus", 0777) = 0 [pid 5117] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5117] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5117] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5117] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5117] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 80.730564][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.743162][ T5117] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/10/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 80.796251][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x555577320750) = 5120 [pid 5120] set_robust_list(0x555577320760, 24) = 0 [pid 5120] chdir("./11") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5120] munmap(0x7fb112e00000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] close(4) = 0 [pid 5120] mkdir("./bus", 0777) = 0 [ 80.955384][ T5120] loop0: detected capacity change from 0 to 512 [pid 5120] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./bus") = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5120] mkdir("./bus", 0777) = 0 [pid 5120] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5120] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5120] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5120] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5120] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5120] exit_group(0) = ? [ 81.006615][ T5120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.019701][ T5120] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/11/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 81.086992][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x555577320750) = 5123 [pid 5123] set_robust_list(0x555577320760, 24) = 0 [pid 5123] chdir("./12") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5123] munmap(0x7fb112e00000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] close(4) = 0 [pid 5123] mkdir("./bus", 0777) = 0 [ 81.271876][ T5123] loop0: detected capacity change from 0 to 512 [pid 5123] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./bus") = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 81.348832][ T5123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.361969][ T5123] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/12/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5123] mkdir("./bus", 0777) = 0 [pid 5123] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5123] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5123] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5123] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5123] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5123] exit_group(0) = ? [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 81.579757][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x555577320750) = 5126 [pid 5126] set_robust_list(0x555577320760, 24) = 0 [pid 5126] chdir("./13") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5126] munmap(0x7fb112e00000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] close(4) = 0 [pid 5126] mkdir("./bus", 0777) = 0 [ 81.802987][ T5126] loop0: detected capacity change from 0 to 512 [pid 5126] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./bus") = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5126] mkdir("./bus", 0777) = 0 [pid 5126] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5126] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5126] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5126] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 81.866540][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.879569][ T5126] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/13/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5126] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 81.954605][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x555577320750) = 5129 [pid 5129] set_robust_list(0x555577320760, 24) = 0 [pid 5129] chdir("./14") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5129] munmap(0x7fb112e00000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./bus", 0777) = 0 [ 82.121953][ T5129] loop0: detected capacity change from 0 to 512 [ 82.155498][ T5129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5129] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5129] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./bus") = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5129] mkdir("./bus", 0777) = 0 [pid 5129] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5129] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5129] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [ 82.168284][ T5129] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/14/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.194994][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 82.195010][ T28] audit: type=1800 audit(1713679964.049:30): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5129] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5129] exit_group(0) = ? [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 82.223683][ T28] audit: type=1800 audit(1713679964.079:31): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.268774][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5132 attached , child_tidptr=0x555577320750) = 5132 [pid 5132] set_robust_list(0x555577320760, 24) = 0 [pid 5132] chdir("./15") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5132] munmap(0x7fb112e00000, 138412032) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] close(4) = 0 [pid 5132] mkdir("./bus", 0777) = 0 [ 82.433746][ T5132] loop0: detected capacity change from 0 to 512 [pid 5132] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./bus") = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5132] mkdir("./bus", 0777) = 0 [ 82.486546][ T5132] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.499146][ T5132] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/15/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5132] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5132] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5132] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5132] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5132] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5132] exit_group(0) = ? [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 82.569193][ T28] audit: type=1800 audit(1713679964.419:32): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 82.591342][ T28] audit: type=1800 audit(1713679964.449:33): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.665927][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x555577320760, 24) = 0 [pid 5135] chdir("./16" [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5135 [pid 5135] <... chdir resumed>) = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7fb112e00000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./bus", 0777) = 0 [pid 5135] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./bus") = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5135] mkdir("./bus", 0777) = 0 [pid 5135] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5135] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5135] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 82.833171][ T5135] loop0: detected capacity change from 0 to 512 [ 82.858215][ T5135] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.870889][ T5135] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/16/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5135] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5135] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 82.896927][ T28] audit: type=1800 audit(1713679964.749:34): pid=5135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 82.919189][ T28] audit: type=1800 audit(1713679964.779:35): pid=5135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.954986][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x555577320750) = 5138 [pid 5138] set_robust_list(0x555577320760, 24) = 0 [pid 5138] chdir("./17") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5138] munmap(0x7fb112e00000, 138412032) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] close(4) = 0 [pid 5138] mkdir("./bus", 0777) = 0 [ 83.164415][ T5138] loop0: detected capacity change from 0 to 512 [pid 5138] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5138] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./bus") = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5138] mkdir("./bus", 0777) = 0 [pid 5138] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5138] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5138] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 83.216729][ T5138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.229374][ T5138] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/17/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5138] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5138] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5138] exit_group(0) = ? [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 83.258412][ T28] audit: type=1800 audit(1713679965.109:36): pid=5138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 83.281066][ T28] audit: type=1800 audit(1713679965.129:37): pid=5138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.335132][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached , child_tidptr=0x555577320750) = 5141 [pid 5141] set_robust_list(0x555577320760, 24) = 0 [pid 5141] chdir("./18") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7fb112e00000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] close(4) = 0 [pid 5141] mkdir("./bus", 0777) = 0 [ 83.484345][ T5141] loop0: detected capacity change from 0 to 512 [pid 5141] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./bus") = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5141] mkdir("./bus", 0777) = 0 [ 83.535935][ T5141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.548924][ T5141] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/18/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5141] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5141] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5141] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5141] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5141] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 83.613439][ T28] audit: type=1800 audit(1713679965.469:38): pid=5141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 83.634336][ T28] audit: type=1800 audit(1713679965.469:39): pid=5141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.689709][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x555577320750) = 5144 [pid 5144] set_robust_list(0x555577320760, 24) = 0 [pid 5144] chdir("./19") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5144] munmap(0x7fb112e00000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] close(4) = 0 [pid 5144] mkdir("./bus", 0777) = 0 [ 83.913395][ T5144] loop0: detected capacity change from 0 to 512 [pid 5144] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5144] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./bus") = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5144] mkdir("./bus", 0777) = 0 [pid 5144] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5144] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 83.956034][ T5144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.968583][ T5144] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/19/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5144] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5144] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5144] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5144] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5144] exit_group(0) = ? [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 [ 84.061929][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5147 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x555577320760, 24) = 0 [pid 5147] chdir("./20") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7fb112e00000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] close(4) = 0 [pid 5147] mkdir("./bus", 0777) = 0 [ 84.297554][ T5147] loop0: detected capacity change from 0 to 512 [pid 5147] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./bus") = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5147] mkdir("./bus", 0777) = 0 [pid 5147] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5147] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5147] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5147] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5147] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 84.336240][ T5147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.349034][ T5147] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/20/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 84.467159][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5150 attached , child_tidptr=0x555577320750) = 5150 [pid 5150] set_robust_list(0x555577320760, 24) = 0 [pid 5150] chdir("./21") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5150] munmap(0x7fb112e00000, 138412032) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] close(4) = 0 [pid 5150] mkdir("./bus", 0777) = 0 [ 84.638900][ T5150] loop0: detected capacity change from 0 to 512 [pid 5150] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./bus") = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5150] mkdir("./bus", 0777) = 0 [pid 5150] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5150] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5150] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5150] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5150] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 84.685947][ T5150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.698830][ T5150] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/21/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5150] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5150] exit_group(0) = ? [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 84.789225][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x555577320760, 24) = 0 [pid 5153] chdir("./22") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5153] munmap(0x7fb112e00000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] close(4) = 0 [pid 5153] mkdir("./bus", 0777) = 0 [pid 5153] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./bus") = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5153] mkdir("./bus", 0777) = 0 [pid 5153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5153] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5153] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5153] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5153] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5153] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5153] exit_group(0) = ? [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 84.942313][ T5153] loop0: detected capacity change from 0 to 512 [ 84.967131][ T5153] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.979738][ T5153] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/22/bus supports timestamps until 2038-01-19 (0x7fffffff) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 85.043910][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x555577320750) = 5156 [pid 5156] set_robust_list(0x555577320760, 24) = 0 [pid 5156] chdir("./23") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5156] munmap(0x7fb112e00000, 138412032) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] close(4) = 0 [pid 5156] mkdir("./bus", 0777) = 0 [ 85.207068][ T5156] loop0: detected capacity change from 0 to 512 [ 85.240428][ T5156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5156] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./bus") = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5156] mkdir("./bus", 0777) = 0 [pid 5156] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5156] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5156] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5156] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5156] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5156] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5156] exit_group(0) = ? [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 85.253024][ T5156] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/23/bus supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.340005][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x555577320760, 24) = 0 [pid 5159] chdir("./24" [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5159 [pid 5159] <... chdir resumed>) = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5159] munmap(0x7fb112e00000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] close(4) = 0 [pid 5159] mkdir("./bus", 0777) = 0 [ 85.476023][ T5159] loop0: detected capacity change from 0 to 512 [pid 5159] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./bus") = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5159] mkdir("./bus", 0777) = 0 [pid 5159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5159] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 85.516108][ T5159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.528826][ T5159] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/24/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5159] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5159] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5159] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5159] exit_group(0) = ? [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.605528][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555577320750) = 5162 [pid 5162] set_robust_list(0x555577320760, 24) = 0 [pid 5162] chdir("./25") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5162] munmap(0x7fb112e00000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] close(4) = 0 [pid 5162] mkdir("./bus", 0777) = 0 [ 85.736642][ T5162] loop0: detected capacity change from 0 to 512 [pid 5162] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./bus") = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5162] mkdir("./bus", 0777) = 0 [pid 5162] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5162] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 85.796400][ T5162] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.809249][ T5162] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/25/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5162] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5162] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5162] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5162] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5162] exit_group(0) = ? [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.894530][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x555577320750) = 5165 [pid 5165] set_robust_list(0x555577320760, 24) = 0 [pid 5165] chdir("./26") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5165] munmap(0x7fb112e00000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] close(4) = 0 [pid 5165] mkdir("./bus", 0777) = 0 [ 86.137584][ T5165] loop0: detected capacity change from 0 to 512 [pid 5165] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./bus") = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 86.206156][ T5165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.219370][ T5165] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/26/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5165] mkdir("./bus", 0777) = 0 [pid 5165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5165] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5165] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5165] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5165] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5165] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5165] exit_group(0) = ? [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 86.313876][ T24] cfg80211: failed to load regulatory.db umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 86.361685][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x555577320750) = 5168 [pid 5168] set_robust_list(0x555577320760, 24) = 0 [pid 5168] chdir("./27") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5168] munmap(0x7fb112e00000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] close(4) = 0 [pid 5168] mkdir("./bus", 0777) = 0 [ 86.571593][ T5168] loop0: detected capacity change from 0 to 512 [pid 5168] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5168] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./bus") = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5168] mkdir("./bus", 0777) = 0 [pid 5168] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5168] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5168] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5168] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5168] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5168] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5168] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.616041][ T5168] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.629027][ T5168] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/27/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 [ 86.688139][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x555577320750) = 5171 [pid 5171] set_robust_list(0x555577320760, 24) = 0 [pid 5171] chdir("./28") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7fb112e00000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./bus", 0777) = 0 [ 86.875183][ T5171] loop0: detected capacity change from 0 to 512 [pid 5171] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./bus") = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5171] mkdir("./bus", 0777) = 0 [pid 5171] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5171] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5171] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5171] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5171] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 86.919147][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.931969][ T5171] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/28/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5171] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 86.994652][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x555577320750) = 5175 [pid 5175] set_robust_list(0x555577320760, 24) = 0 [pid 5175] chdir("./29") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5175] munmap(0x7fb112e00000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [ 87.133270][ T5175] loop0: detected capacity change from 0 to 512 [ 87.166913][ T5175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5175] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5175] mkdir("./bus", 0777) = 0 [pid 5175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5175] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5175] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5175] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 87.179567][ T5175] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.221676][ T28] kauditd_printk_skb: 20 callbacks suppressed [pid 5175] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 87.221697][ T28] audit: type=1800 audit(1713679969.079:60): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 87.248776][ T28] audit: type=1800 audit(1713679969.079:61): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 [ 87.302020][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached , child_tidptr=0x555577320750) = 5178 [pid 5178] set_robust_list(0x555577320760, 24) = 0 [pid 5178] chdir("./30") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5178] munmap(0x7fb112e00000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./bus", 0777) = 0 [ 87.513466][ T5178] loop0: detected capacity change from 0 to 512 [pid 5178] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./bus") = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5178] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 87.565861][ T5178] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.578769][ T5178] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/30/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5178] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5178] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5178] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5178] exit_group(0) = ? [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 87.641782][ T28] audit: type=1800 audit(1713679969.499:62): pid=5178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 87.662722][ T28] audit: type=1800 audit(1713679969.499:63): pid=5178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 87.726357][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x555577320750) = 5181 [pid 5181] set_robust_list(0x555577320760, 24) = 0 [pid 5181] chdir("./31") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5181] munmap(0x7fb112e00000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] close(4) = 0 [pid 5181] mkdir("./bus", 0777) = 0 [ 87.943206][ T5181] loop0: detected capacity change from 0 to 512 [ 87.977391][ T5181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5181] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./bus") = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5181] mkdir("./bus", 0777) = 0 [pid 5181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5181] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5181] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 87.989971][ T5181] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/31/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5181] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5181] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 88.043413][ T28] audit: type=1800 audit(1713679969.899:64): pid=5181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 88.065491][ T28] audit: type=1800 audit(1713679969.919:65): pid=5181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 88.091243][ T5083] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x555577320750) = 5184 [pid 5184] set_robust_list(0x555577320760, 24) = 0 [pid 5184] chdir("./32") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5184] munmap(0x7fb112e00000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./bus") = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.233636][ T5184] loop0: detected capacity change from 0 to 512 [ 88.268765][ T5184] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/32/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5184] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5184] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5184] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5184] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 88.341362][ T28] audit: type=1800 audit(1713679970.189:66): pid=5184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 88.363932][ T28] audit: type=1800 audit(1713679970.219:67): pid=5184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x555577320760, 24) = 0 [pid 5187] chdir("./33") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5187] munmap(0x7fb112e00000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] close(4) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [ 88.556691][ T5187] loop0: detected capacity change from 0 to 512 [pid 5187] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./bus") = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5187] mkdir("./bus", 0777) = 0 [pid 5187] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5187] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5187] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 88.596346][ T5187] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/33/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5187] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5187] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5187] exit_group(0) = ? [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 88.634416][ T28] audit: type=1800 audit(1713679970.489:68): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 88.655764][ T28] audit: type=1800 audit(1713679970.499:69): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x555577320750) = 5190 [pid 5190] set_robust_list(0x555577320760, 24) = 0 [pid 5190] chdir("./34") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5190] munmap(0x7fb112e00000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] close(4) = 0 [pid 5190] mkdir("./bus", 0777) = 0 [ 88.905607][ T5190] loop0: detected capacity change from 0 to 512 [pid 5190] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./bus") = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] mkdir("./bus", 0777) = 0 [pid 5190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5190] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5190] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5190] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5190] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5190] exit_group(0) = ? [ 88.955838][ T5190] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/34/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached , child_tidptr=0x555577320750) = 5193 [pid 5193] set_robust_list(0x555577320760, 24) = 0 [pid 5193] chdir("./35") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7fb112e00000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [ 89.263599][ T5193] loop0: detected capacity change from 0 to 512 [pid 5193] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5193] mkdir("./bus", 0777) = 0 [pid 5193] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5193] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5193] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 89.315941][ T5193] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/35/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5193] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5193] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x555577320760, 24) = 0 [pid 5196] chdir("./36") = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5196 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5196] munmap(0x7fb112e00000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./bus", 0777) = 0 [ 89.575189][ T5196] loop0: detected capacity change from 0 to 512 [pid 5196] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./bus") = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5196] mkdir("./bus", 0777) = 0 [pid 5196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5196] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5196] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [ 89.617364][ T5196] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/36/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5196] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5196] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5196] exit_group(0) = ? [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555577320760, 24) = 0 [pid 5200] chdir("./37") = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5200 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5200] munmap(0x7fb112e00000, 138412032) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] close(4) = 0 [pid 5200] mkdir("./bus", 0777) = 0 [ 89.902654][ T5200] loop0: detected capacity change from 0 to 512 [pid 5200] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5200] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./bus") = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5200] mkdir("./bus", 0777) = 0 [pid 5200] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5200] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 89.956262][ T5200] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/37/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5200] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5200] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5200] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5200] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5200] exit_group(0) = ? [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached , child_tidptr=0x555577320750) = 5203 [pid 5203] set_robust_list(0x555577320760, 24) = 0 [pid 5203] chdir("./38") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5203] munmap(0x7fb112e00000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] close(4) = 0 [pid 5203] mkdir("./bus", 0777) = 0 [ 90.216278][ T5203] loop0: detected capacity change from 0 to 512 [pid 5203] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5203] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./bus") = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5203] mkdir("./bus", 0777) = 0 [pid 5203] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5203] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5203] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5203] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5203] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5203] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 90.268287][ T5203] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/38/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5203] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached , child_tidptr=0x555577320750) = 5206 [pid 5206] set_robust_list(0x555577320760, 24) = 0 [pid 5206] chdir("./39") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5206] munmap(0x7fb112e00000, 138412032) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] close(4) = 0 [pid 5206] mkdir("./bus", 0777) = 0 [ 90.581268][ T5206] loop0: detected capacity change from 0 to 512 [pid 5206] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5206] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./bus") = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5206] mkdir("./bus", 0777) = 0 [pid 5206] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5206] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5206] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5206] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5206] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5206] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5206] exit_group(0) = ? [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.636082][ T5206] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/39/bus supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached , child_tidptr=0x555577320750) = 5209 [pid 5209] set_robust_list(0x555577320760, 24) = 0 [pid 5209] chdir("./40") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5209] munmap(0x7fb112e00000, 138412032) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] close(4) = 0 [pid 5209] mkdir("./bus", 0777) = 0 [pid 5209] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5209] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./bus") = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5209] mkdir("./bus", 0777) = 0 [pid 5209] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 90.890168][ T5209] loop0: detected capacity change from 0 to 512 [ 90.927964][ T5209] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/40/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5209] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5209] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5209] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5209] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5209] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5209] exit_group(0) = ? [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x555577320760, 24) = 0 [pid 5212] chdir("./41") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5212] munmap(0x7fb112e00000, 138412032) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] close(4) = 0 [pid 5212] mkdir("./bus", 0777) = 0 [ 91.281201][ T5212] loop0: detected capacity change from 0 to 512 [pid 5212] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5212] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./bus") = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5212] mkdir("./bus", 0777) = 0 [pid 5212] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5212] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 91.326503][ T5212] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/41/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5212] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5212] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5212] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5212] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5212] exit_group(0) = ? [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x555577320760, 24) = 0 [pid 5215] chdir("./42") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5215] munmap(0x7fb112e00000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./bus", 0777) = 0 [pid 5215] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./bus") = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5215] mkdir("./bus", 0777) = 0 [pid 5215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5215] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5215] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [ 91.673375][ T5215] loop0: detected capacity change from 0 to 512 [ 91.707886][ T5215] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/42/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5215] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5215] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5215] exit_group(0) = ? [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x555577320750) = 5218 [pid 5218] set_robust_list(0x555577320760, 24) = 0 [pid 5218] chdir("./43") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5218] munmap(0x7fb112e00000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [ 91.993298][ T5218] loop0: detected capacity change from 0 to 512 [pid 5218] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./bus") = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5218] mkdir("./bus", 0777) = 0 [pid 5218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5218] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5218] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5218] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5218] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 92.036476][ T5218] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/43/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached , child_tidptr=0x555577320750) = 5221 [pid 5221] set_robust_list(0x555577320760, 24) = 0 [pid 5221] chdir("./44") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5221] munmap(0x7fb112e00000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] close(4) = 0 [pid 5221] mkdir("./bus", 0777) = 0 [pid 5221] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./bus") = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.270321][ T5221] loop0: detected capacity change from 0 to 512 [ 92.307462][ T5221] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/44/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5221] mkdir("./bus", 0777) = 0 [pid 5221] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5221] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5221] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5221] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5221] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5221] exit_group(0) = ? [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 92.361777][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 92.361796][ T28] audit: type=1800 audit(1713679974.209:90): pid=5221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 92.389336][ T28] audit: type=1800 audit(1713679974.219:91): pid=5221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x555577320750) = 5224 [pid 5224] set_robust_list(0x555577320760, 24) = 0 [pid 5224] chdir("./45") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7fb112e00000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./bus", 0777) = 0 [ 92.546527][ T5224] loop0: detected capacity change from 0 to 512 [pid 5224] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./bus") = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5224] mkdir("./bus", 0777) = 0 [pid 5224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5224] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5224] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [ 92.606582][ T5224] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/45/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5224] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5224] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.653020][ T28] audit: type=1800 audit(1713679974.509:92): pid=5224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 92.674271][ T28] audit: type=1800 audit(1713679974.509:93): pid=5224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x555577320750) = 5228 [pid 5228] set_robust_list(0x555577320760, 24) = 0 [pid 5228] chdir("./46") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5228] munmap(0x7fb112e00000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./bus", 0777) = 0 [ 92.974378][ T5228] loop0: detected capacity change from 0 to 512 [pid 5228] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5228] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./bus") = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5228] mkdir("./bus", 0777) = 0 [pid 5228] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5228] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5228] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 93.036721][ T5228] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/46/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5228] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5228] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5228] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 [ 93.096814][ T28] audit: type=1800 audit(1713679974.949:94): pid=5228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 93.118126][ T28] audit: type=1800 audit(1713679974.949:95): pid=5228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x555577320750) = 5231 [pid 5231] set_robust_list(0x555577320760, 24) = 0 [pid 5231] chdir("./47") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5231] munmap(0x7fb112e00000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./bus", 0777) = 0 [pid 5231] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./bus") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5231] mkdir("./bus", 0777) = 0 [pid 5231] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5231] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5231] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 93.331259][ T5231] loop0: detected capacity change from 0 to 512 [ 93.367187][ T5231] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/47/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5231] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5231] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5231] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5231] exit_group(0) = ? [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 93.414196][ T28] audit: type=1800 audit(1713679975.269:96): pid=5231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 93.436571][ T28] audit: type=1800 audit(1713679975.289:97): pid=5231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x555577320750) = 5234 [pid 5234] set_robust_list(0x555577320760, 24) = 0 [pid 5234] chdir("./48") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5234] munmap(0x7fb112e00000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./bus", 0777) = 0 [pid 5234] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./bus") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5234] mkdir("./bus", 0777) = 0 [pid 5234] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5234] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5234] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 93.671365][ T5234] loop0: detected capacity change from 0 to 512 [ 93.706471][ T5234] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/48/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5234] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5234] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 93.740384][ T28] audit: type=1800 audit(1713679975.589:98): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 93.761582][ T28] audit: type=1800 audit(1713679975.589:99): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x555577320750) = 5237 [pid 5237] set_robust_list(0x555577320760, 24) = 0 [pid 5237] chdir("./49") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5237] munmap(0x7fb112e00000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./bus", 0777) = 0 [ 94.046928][ T5237] loop0: detected capacity change from 0 to 512 [pid 5237] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./bus") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5237] mkdir("./bus", 0777) = 0 [pid 5237] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5237] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5237] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 94.096115][ T5237] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/49/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5237] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5237] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x555577320750) = 5240 [pid 5240] set_robust_list(0x555577320760, 24) = 0 [pid 5240] chdir("./50") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5240] munmap(0x7fb112e00000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./bus", 0777) = 0 [ 94.421342][ T5240] loop0: detected capacity change from 0 to 512 [pid 5240] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./bus") = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5240] mkdir("./bus", 0777) = 0 [pid 5240] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5240] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5240] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5240] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5240] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5240] exit_group(0) = ? [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 94.475849][ T5240] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/50/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached , child_tidptr=0x555577320750) = 5243 [pid 5243] set_robust_list(0x555577320760, 24) = 0 [pid 5243] chdir("./51") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5243] munmap(0x7fb112e00000, 138412032) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./bus", 0777) = 0 [ 94.704838][ T5243] loop0: detected capacity change from 0 to 512 [pid 5243] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./bus") = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5243] mkdir("./bus", 0777) = 0 [pid 5243] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5243] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5243] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5243] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5243] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5243] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5243] exit_group(0) = ? [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 94.746474][ T5243] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/51/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x555577320760, 24) = 0 [pid 5247] chdir("./52" [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5247 [pid 5247] <... chdir resumed>) = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5247] munmap(0x7fb112e00000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./bus", 0777) = 0 [ 94.942286][ T5247] loop0: detected capacity change from 0 to 512 [pid 5247] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./bus") = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5247] mkdir("./bus", 0777) = 0 [pid 5247] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5247] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 94.996017][ T5247] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/52/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5247] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5247] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5247] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5247] exit_group(0) = ? [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x555577320760, 24) = 0 [pid 5250] chdir("./53") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0 [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5250 [pid 5250] <... setpgid resumed>) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5250] munmap(0x7fb112e00000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./bus", 0777) = 0 [ 95.282264][ T5250] loop0: detected capacity change from 0 to 512 [pid 5250] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5250] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./bus") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5250] mkdir("./bus", 0777) = 0 [pid 5250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5250] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5250] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 95.326423][ T5250] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/53/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5250] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5250] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5250] exit_group(0) = ? [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x555577320750) = 5253 [pid 5253] set_robust_list(0x555577320760, 24) = 0 [pid 5253] chdir("./54") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5253] munmap(0x7fb112e00000, 138412032) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] close(4) = 0 [pid 5253] mkdir("./bus", 0777) = 0 [ 95.635115][ T5253] loop0: detected capacity change from 0 to 512 [pid 5253] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./bus") = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5253] mkdir("./bus", 0777) = 0 [pid 5253] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5253] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5253] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5253] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5253] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5253] exit_group(0) = ? [ 95.676998][ T5253] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/54/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x555577320760, 24) = 0 [pid 5256] chdir("./55") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5256] munmap(0x7fb112e00000, 138412032) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] close(4) = 0 [pid 5256] mkdir("./bus", 0777) = 0 [pid 5256] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5256] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./bus") = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5256] mkdir("./bus", 0777) = 0 [pid 5256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 95.971867][ T5256] loop0: detected capacity change from 0 to 512 [ 96.006901][ T5256] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/55/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5256] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5256] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5256] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5256] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5256] exit_group(0) = ? [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x555577320760, 24) = 0 [pid 5259] chdir("./56") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0 [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5259 [pid 5259] <... setpgid resumed>) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5259] munmap(0x7fb112e00000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] close(4) = 0 [pid 5259] mkdir("./bus", 0777) = 0 [ 96.286279][ T5259] loop0: detected capacity change from 0 to 512 [pid 5259] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5259] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./bus") = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5259] mkdir("./bus", 0777) = 0 [pid 5259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5259] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 96.331089][ T5259] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/56/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5259] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5259] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5259] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5259] exit_group(0) = ? [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x555577320750) = 5262 [pid 5262] set_robust_list(0x555577320760, 24) = 0 [pid 5262] chdir("./57") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5262] munmap(0x7fb112e00000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] close(4) = 0 [pid 5262] mkdir("./bus", 0777) = 0 [pid 5262] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5262] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./bus") = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5262] mkdir("./bus", 0777) = 0 [pid 5262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5262] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 96.651759][ T5262] loop0: detected capacity change from 0 to 512 [ 96.687077][ T5262] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/57/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5262] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5262] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5262] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5262] exit_group(0) = ? [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5265 attached , child_tidptr=0x555577320750) = 5265 [pid 5265] set_robust_list(0x555577320760, 24) = 0 [pid 5265] chdir("./58") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] memfd_create("syzkaller", 0) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5265] munmap(0x7fb112e00000, 138412032) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] close(4) = 0 [pid 5265] mkdir("./bus", 0777) = 0 [ 96.982382][ T5265] loop0: detected capacity change from 0 to 512 [ 97.020653][ T5265] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/58/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5265] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5265] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./bus") = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5265] mkdir("./bus", 0777) = 0 [pid 5265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5265] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5265] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5265] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5265] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5265] exit_group(0) = ? [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555577320750) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x555577320760, 24) = 0 [pid 5268] chdir("./59") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5268] munmap(0x7fb112e00000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] close(4) = 0 [pid 5268] mkdir("./bus", 0777) = 0 [ 97.291930][ T5268] loop0: detected capacity change from 0 to 512 [pid 5268] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./bus") = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5268] mkdir("./bus", 0777) = 0 [pid 5268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5268] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5268] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 97.356717][ T5268] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/59/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5268] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5268] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5268] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5268] exit_group(0) = ? [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 [ 97.404862][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 97.404880][ T28] audit: type=1800 audit(1713679979.259:120): pid=5268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 97.433472][ T28] audit: type=1800 audit(1713679979.289:121): pid=5268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5271 attached , child_tidptr=0x555577320750) = 5271 [pid 5271] set_robust_list(0x555577320760, 24) = 0 [pid 5271] chdir("./60") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5271] munmap(0x7fb112e00000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] close(4) = 0 [pid 5271] mkdir("./bus", 0777) = 0 [ 97.683516][ T5271] loop0: detected capacity change from 0 to 512 [pid 5271] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5271] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./bus") = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5271] mkdir("./bus", 0777) = 0 [pid 5271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5271] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 97.726887][ T5271] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/60/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5271] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5271] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5271] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5271] exit_group(0) = ? [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 97.796552][ T28] audit: type=1800 audit(1713679979.649:122): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 97.817611][ T28] audit: type=1800 audit(1713679979.649:123): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x555577320750) = 5275 [pid 5275] set_robust_list(0x555577320760, 24) = 0 [pid 5275] chdir("./61") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5275] munmap(0x7fb112e00000, 138412032) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] close(4) = 0 [pid 5275] mkdir("./bus", 0777) = 0 [ 98.006203][ T5275] loop0: detected capacity change from 0 to 512 [pid 5275] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./bus") = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5275] mkdir("./bus", 0777) = 0 [pid 5275] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5275] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5275] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 98.046321][ T5275] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/61/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5275] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5275] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5275] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 98.092149][ T28] audit: type=1800 audit(1713679979.949:124): pid=5275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 98.114479][ T28] audit: type=1800 audit(1713679979.969:125): pid=5275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555577320750) = 5278 [pid 5278] set_robust_list(0x555577320760, 24) = 0 [pid 5278] chdir("./62") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5278] munmap(0x7fb112e00000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] mkdir("./bus", 0777) = 0 [pid 5278] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5278] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./bus") = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5278] mkdir("./bus", 0777) = 0 [pid 5278] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5278] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5278] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 98.270475][ T5278] loop0: detected capacity change from 0 to 512 [ 98.307606][ T5278] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/62/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5278] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5278] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5278] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5278] exit_group(0) = ? [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 98.343482][ T28] audit: type=1800 audit(1713679980.199:126): pid=5278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 98.364803][ T28] audit: type=1800 audit(1713679980.219:127): pid=5278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x555577320750) = 5281 [pid 5281] set_robust_list(0x555577320760, 24) = 0 [pid 5281] chdir("./63") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5281] munmap(0x7fb112e00000, 138412032) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] close(4) = 0 [pid 5281] mkdir("./bus", 0777) = 0 [ 98.574565][ T5281] loop0: detected capacity change from 0 to 512 [pid 5281] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5281] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./bus") = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5281] mkdir("./bus", 0777) = 0 [pid 5281] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5281] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 98.636343][ T5281] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/63/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5281] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5281] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5281] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5281] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5281] exit_group(0) = ? [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.699632][ T28] audit: type=1800 audit(1713679980.549:128): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 98.720663][ T28] audit: type=1800 audit(1713679980.549:129): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor663" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x555577320750) = 5284 [pid 5284] set_robust_list(0x555577320760, 24) = 0 [pid 5284] chdir("./64") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5284] munmap(0x7fb112e00000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] close(4) = 0 [pid 5284] mkdir("./bus", 0777) = 0 [ 98.962925][ T5284] loop0: detected capacity change from 0 to 512 [pid 5284] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5284] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./bus") = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5284] mkdir("./bus", 0777) = 0 [pid 5284] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5284] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5284] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5284] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5284] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5284] exit_group(0) = ? [ 99.006543][ T5284] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/64/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555773217f0 /* 4 entries */, 32768) = 104 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555577329830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555577329830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555773217f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x555577320760, 24) = 0 [pid 5287] chdir("./65" [pid 5083] <... clone resumed>, child_tidptr=0x555577320750) = 5287 [pid 5287] <... chdir resumed>) = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb112e00000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5287] munmap(0x7fb112e00000, 138412032) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] close(4) = 0 [pid 5287] mkdir("./bus", 0777) = 0 [ 99.301829][ T5287] loop0: detected capacity change from 0 to 512 [pid 5287] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5287] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./bus") = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5287] mkdir("./bus", 0777) = 0 [pid 5287] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5287] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5287] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5287] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 99.347131][ T5287] ext4 filesystem being mounted at /root/syzkaller.SPKsY5/65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 99.404388][ T5287] ------------[ cut here ]------------ [ 99.409892][ T5287] Looking for class "&ei->i_data_sem" with key init_once.__key.798, but found a different class "&ei->i_data_sem" with the same key [ 99.423526][ T5287] WARNING: CPU: 0 PID: 5287 at kernel/locking/lockdep.c:935 look_up_lock_class+0xdc/0x160 [ 99.433455][ T5287] Modules linked in: [ 99.437351][ T5287] CPU: 0 PID: 5287 Comm: syz-executor663 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 [ 99.447772][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 99.457817][ T5287] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 99.463536][ T5287] Code: 01 0f 85 80 00 00 00 c6 05 9c c1 13 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 40 d9 ca 8b e8 75 ca d8 f5 90 <0f> 0b 90 90 eb 57 90 e8 68 c7 2b f9 48 c7 c7 80 d8 ca 8b 89 de e8 [ 99.483135][ T5287] RSP: 0018:ffffc90002fcf3f0 EFLAGS: 00010046 [ 99.489198][ T5287] RAX: ec9203e15ec89900 RBX: ffffffff92c67fc8 RCX: ffff888022bb1e00 [ 99.497160][ T5287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.505130][ T5287] RBP: ffffc90002fcf500 R08: ffffffff81588072 R09: 1ffff1101728519a [ 99.513104][ T5287] R10: dffffc0000000000 R11: ffffed101728519b R12: ffff888077a1a088 [ 99.521073][ T5287] R13: ffff888077a1a088 R14: ffff888077a1a088 R15: ffffffff9485aec1 [ 99.529039][ T5287] FS: 0000555577320480(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 99.537963][ T5287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 99.544538][ T5287] CR2: 00007fb11b497100 CR3: 000000007da5c000 CR4: 0000000000350ef0 [ 99.552501][ T5287] Call Trace: [ 99.555774][ T5287] [ 99.558709][ T5287] ? __warn+0x163/0x4e0 [ 99.562872][ T5287] ? look_up_lock_class+0xdc/0x160 [ 99.567987][ T5287] ? report_bug+0x2b3/0x500 [ 99.572487][ T5287] ? look_up_lock_class+0xdc/0x160 [ 99.577606][ T5287] ? handle_bug+0x3e/0x70 [ 99.581937][ T5287] ? exc_invalid_op+0x1a/0x50 [ 99.586614][ T5287] ? asm_exc_invalid_op+0x1a/0x20 [ 99.591637][ T5287] ? __warn_printk+0x292/0x360 [ 99.596403][ T5287] ? look_up_lock_class+0xdc/0x160 [ 99.601516][ T5287] register_lock_class+0x102/0x980 [ 99.606631][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.612261][ T5287] ? __pfx_register_lock_class+0x10/0x10 [ 99.617886][ T5287] ? __pfx_register_lock_class+0x10/0x10 [ 99.623543][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.629183][ T5287] __lock_acquire+0xda/0x1fd0 [ 99.633863][ T5287] lock_acquire+0x1ed/0x550 [ 99.638357][ T5287] ? ext4_move_extents+0x39d/0xec0 [ 99.643489][ T5287] ? __pfx_lock_acquire+0x10/0x10 [ 99.648508][ T5287] ? __pfx___might_resched+0x10/0x10 [ 99.653794][ T5287] ? __down_write_common+0x162/0x200 [ 99.659081][ T5287] ? __pfx_inode_dio_wait+0x10/0x10 [ 99.664280][ T5287] ? __pfx___down_write_common+0x10/0x10 [ 99.669916][ T5287] ? __pfx___down_write_common+0x10/0x10 [ 99.675556][ T5287] down_write_nested+0x3d/0x50 [ 99.680319][ T5287] ? ext4_move_extents+0x39d/0xec0 [ 99.685428][ T5287] ext4_move_extents+0x39d/0xec0 [ 99.690394][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.696045][ T5287] ? rcu_read_lock_any_held+0xb7/0x160 [ 99.701503][ T5287] ? __pfx_ext4_move_extents+0x10/0x10 [ 99.706968][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.712601][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.718237][ T5287] ext4_ioctl+0x349a/0x5590 [ 99.722740][ T5287] ? kasan_save_track+0x3f/0x80 [ 99.727592][ T5287] ? kasan_save_free_info+0x40/0x50 [ 99.732788][ T5287] ? security_file_ioctl+0x77/0xb0 [ 99.737905][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.743537][ T5287] ? do_vfs_ioctl+0x1e77/0x2e50 [ 99.748389][ T5287] ? __pfx_ext4_ioctl+0x10/0x10 [ 99.753246][ T5287] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 99.758275][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.763926][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.769560][ T5287] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.775888][ T5287] ? tomoyo_path_number_perm+0x208/0x880 [ 99.781524][ T5287] ? __pfx_lock_release+0x10/0x10 [ 99.786555][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.792192][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.797824][ T5287] ? kfree+0x153/0x3a0 [ 99.801892][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.807521][ T5287] ? tomoyo_path_number_perm+0x71a/0x880 [ 99.813158][ T5287] ? tomoyo_path_number_perm+0x208/0x880 [ 99.818790][ T5287] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 99.824775][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.830423][ T5287] ? __pfx_ptrace_notify+0x10/0x10 [ 99.835531][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.841158][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.846804][ T5287] ? security_file_ioctl+0x87/0xb0 [ 99.851925][ T5287] ? __pfx_ext4_ioctl+0x10/0x10 [ 99.856782][ T5287] __se_sys_ioctl+0xfe/0x170 [ 99.861401][ T5287] do_syscall_64+0xf5/0x240 [ 99.865925][ T5287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.871818][ T5287] RIP: 0033:0x7fb11b41eaa9 [ 99.876228][ T5287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 99.895823][ T5287] RSP: 002b:00007ffe46ccb848 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.904231][ T5287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb11b41eaa9 [ 99.912199][ T5287] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005 [ 99.920160][ T5287] RBP: 0000000000000000 R08: 00007ffe46ccb87c R09: 00007ffe46ccb87c [ 99.928128][ T5287] R10: 00007ffe46ccb87c R11: 0000000000000246 R12: 00007ffe46ccb87c [ 99.936094][ T5287] R13: 0000000000000041 R14: 431bde82d7b634db R15: 00007ffe46ccb8b0 [ 99.944071][ T5287] [ 99.947095][ T5287] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 99.954362][ T5287] CPU: 0 PID: 5287 Comm: syz-executor663 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 [ 99.964767][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 99.974814][ T5287] Call Trace: [ 99.978090][ T5287] [ 99.981015][ T5287] dump_stack_lvl+0x241/0x360 [ 99.985702][ T5287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.990922][ T5287] ? __pfx__printk+0x10/0x10 [ 99.995523][ T5287] ? _printk+0xd5/0x120 [ 99.999696][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.005328][ T5287] ? vscnprintf+0x5d/0x90 [ 100.009653][ T5287] panic+0x349/0x860 [ 100.013550][ T5287] ? __warn+0x172/0x4e0 [ 100.017709][ T5287] ? __pfx_panic+0x10/0x10 [ 100.022122][ T5287] ? show_trace_log_lvl+0x4e6/0x520 [ 100.027326][ T5287] __warn+0x346/0x4e0 [ 100.031399][ T5287] ? look_up_lock_class+0xdc/0x160 [ 100.036513][ T5287] report_bug+0x2b3/0x500 [ 100.040841][ T5287] ? look_up_lock_class+0xdc/0x160 [ 100.045955][ T5287] handle_bug+0x3e/0x70 [ 100.050113][ T5287] exc_invalid_op+0x1a/0x50 [ 100.054618][ T5287] asm_exc_invalid_op+0x1a/0x20 [ 100.059468][ T5287] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 100.065190][ T5287] Code: 01 0f 85 80 00 00 00 c6 05 9c c1 13 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 40 d9 ca 8b e8 75 ca d8 f5 90 <0f> 0b 90 90 eb 57 90 e8 68 c7 2b f9 48 c7 c7 80 d8 ca 8b 89 de e8 [ 100.084787][ T5287] RSP: 0018:ffffc90002fcf3f0 EFLAGS: 00010046 [ 100.090851][ T5287] RAX: ec9203e15ec89900 RBX: ffffffff92c67fc8 RCX: ffff888022bb1e00 [ 100.098826][ T5287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.106816][ T5287] RBP: ffffc90002fcf500 R08: ffffffff81588072 R09: 1ffff1101728519a [ 100.114799][ T5287] R10: dffffc0000000000 R11: ffffed101728519b R12: ffff888077a1a088 [ 100.122772][ T5287] R13: ffff888077a1a088 R14: ffff888077a1a088 R15: ffffffff9485aec1 [ 100.130743][ T5287] ? __warn_printk+0x292/0x360 [ 100.135521][ T5287] register_lock_class+0x102/0x980 [ 100.140629][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.146264][ T5287] ? __pfx_register_lock_class+0x10/0x10 [ 100.151890][ T5287] ? __pfx_register_lock_class+0x10/0x10 [ 100.157516][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.163156][ T5287] __lock_acquire+0xda/0x1fd0 [ 100.167856][ T5287] lock_acquire+0x1ed/0x550 [ 100.172354][ T5287] ? ext4_move_extents+0x39d/0xec0 [ 100.177474][ T5287] ? __pfx_lock_acquire+0x10/0x10 [ 100.182494][ T5287] ? __pfx___might_resched+0x10/0x10 [ 100.187791][ T5287] ? __down_write_common+0x162/0x200 [ 100.193079][ T5287] ? __pfx_inode_dio_wait+0x10/0x10 [ 100.198279][ T5287] ? __pfx___down_write_common+0x10/0x10 [ 100.203915][ T5287] ? __pfx___down_write_common+0x10/0x10 [ 100.209554][ T5287] down_write_nested+0x3d/0x50 [ 100.214319][ T5287] ? ext4_move_extents+0x39d/0xec0 [ 100.219531][ T5287] ext4_move_extents+0x39d/0xec0 [ 100.224474][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.230108][ T5287] ? rcu_read_lock_any_held+0xb7/0x160 [ 100.235588][ T5287] ? __pfx_ext4_move_extents+0x10/0x10 [ 100.241077][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.246724][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.252361][ T5287] ext4_ioctl+0x349a/0x5590 [ 100.256875][ T5287] ? kasan_save_track+0x3f/0x80 [ 100.261736][ T5287] ? kasan_save_free_info+0x40/0x50 [ 100.266938][ T5287] ? security_file_ioctl+0x77/0xb0 [ 100.272058][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.277691][ T5287] ? do_vfs_ioctl+0x1e77/0x2e50 [ 100.282548][ T5287] ? __pfx_ext4_ioctl+0x10/0x10 [ 100.287487][ T5287] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 100.292530][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.298163][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.303795][ T5287] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 100.310118][ T5287] ? tomoyo_path_number_perm+0x208/0x880 [ 100.315753][ T5287] ? __pfx_lock_release+0x10/0x10 [ 100.320770][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.326406][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.332045][ T5287] ? kfree+0x153/0x3a0 [ 100.336111][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.341741][ T5287] ? tomoyo_path_number_perm+0x71a/0x880 [ 100.347378][ T5287] ? tomoyo_path_number_perm+0x208/0x880 [ 100.353012][ T5287] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 100.358999][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.364649][ T5287] ? __pfx_ptrace_notify+0x10/0x10 [ 100.369757][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.375388][ T5287] ? srso_alias_return_thunk+0x5/0xfbef5 [ 100.381018][ T5287] ? security_file_ioctl+0x87/0xb0 [ 100.386128][ T5287] ? __pfx_ext4_ioctl+0x10/0x10 [ 100.390988][ T5287] __se_sys_ioctl+0xfe/0x170 [ 100.395757][ T5287] do_syscall_64+0xf5/0x240 [ 100.400277][ T5287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.406167][ T5287] RIP: 0033:0x7fb11b41eaa9 [ 100.410575][ T5287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 100.430172][ T5287] RSP: 002b:00007ffe46ccb848 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.440236][ T5287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb11b41eaa9 [ 100.448199][ T5287] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005 [ 100.456167][ T5287] RBP: 0000000000000000 R08: 00007ffe46ccb87c R09: 00007ffe46ccb87c [ 100.464129][ T5287] R10: 00007ffe46ccb87c R11: 0000000000000246 R12: 00007ffe46ccb87c [ 100.472094][ T5287] R13: 0000000000000041 R14: 431bde82d7b634db R15: 00007ffe46ccb8b0 [ 100.480068][ T5287] [ 100.483335][ T5287] Kernel Offset: disabled [ 100.487662][ T5287] Rebooting in 86400 seconds..