./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2264751334 <...> Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts. execve("./syz-executor2264751334", ["./syz-executor2264751334"], 0x7ffc5a3c1b90 /* 10 vars */) = 0 brk(NULL) = 0x5555788fc000 brk(0x5555788fcd40) = 0x5555788fcd40 arch_prctl(ARCH_SET_FS, 0x5555788fc3c0) = 0 set_tid_address(0x5555788fc690) = 5214 set_robust_list(0x5555788fc6a0, 24) = 0 rseq(0x5555788fcce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2264751334", 4096) = 28 getrandom("\x3f\xc5\xf4\xbf\x70\x18\xe4\x8a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555788fcd40 brk(0x55557891dd40) = 0x55557891dd40 brk(0x55557891e000) = 0x55557891e000 mprotect(0x7fa78eeb5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getrandom("\x4d\xbd\x62\xac\x62\x71\xc4\x28", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.zwao5W", 0700) = 0 chmod("./syzkaller.zwao5W", 0777) = 0 chdir("./syzkaller.zwao5W") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x5555788fc690) = 5215 [pid 5215] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5215] chdir("./0") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5215] write(1, "executing program\n", 18) = 18 [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5215] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0} => {parent_tid=[5217]}, 88) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5217] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5217] munmap(0x7fa786800000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] close(4) = 0 [pid 5217] mkdir("./file7", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5217] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file7") = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5217] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [ 60.767004][ T5217] loop0: detected capacity change from 0 to 32768 [pid 5215] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] openat(AT_FDCWD, ".", O_RDONLY [pid 5215] <... futex resumed>) = 1 [pid 5217] <... openat resumed>) = 4 [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] <... futex resumed>) = 0 [pid 5217] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... ioctl resumed>) = 0 [pid 5217] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] <... futex resumed>) = 0 [pid 5217] fspick(AT_FDCWD, ".", 0 [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... fspick resumed>) = 5 [pid 5217] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] <... futex resumed>) = 0 [pid 5217] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5215] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5217] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] exit_group(0 [pid 5217] <... futex resumed>) = ? [pid 5215] <... exit_group resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.887378][ T5217] syz-executor226: attempt to access beyond end of device [ 60.887378][ T5217] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 60.900822][ T5217] lbmIODone: I/O error in JFS log [ 60.906122][ T5217] *** Log Format Error ! *** [ 60.911226][ T5217] lmLogInit: exit(-22) [ 60.915378][ T5217] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x5555788fc690) = 5218 [pid 5218] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5218] chdir("./1") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5218] write(1, "executing program\n", 18) = 18 [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5218] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5218] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 [pid 5219] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] memfd_create("syzkaller", 0 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] <... memfd_create resumed>) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5219] munmap(0x7fa786800000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file7", 0777) = 0 [pid 5219] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5219] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file7") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5219] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5219] openat(AT_FDCWD, ".", O_RDONLY [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... openat resumed>) = 4 [pid 5219] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5219] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 61.309763][ T5219] loop0: detected capacity change from 0 to 32768 [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... ioctl resumed>) = 0 [pid 5219] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5219] fspick(AT_FDCWD, ".", 0 [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... fspick resumed>) = 5 [pid 5219] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5219] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = 1 [pid 5218] exit_group(0 [pid 5219] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 61.425297][ T5219] syz-executor226: attempt to access beyond end of device [ 61.425297][ T5219] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 61.438724][ T5219] lbmIODone: I/O error in JFS log [ 61.443748][ T5219] *** Log Format Error ! *** [ 61.448717][ T5219] lmLogInit: exit(-22) [ 61.452818][ T5219] lmLogOpen: exit(-22) umount2("./1/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x5555788fc690) = 5220 [pid 5220] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5220] chdir("./2") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5220] write(1, "executing program\n", 18) = 18 [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5220] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5221 attached [pid 5221] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5221] set_robust_list(0x7fa78ede39a0, 24 [pid 5220] <... clone3 resumed> => {parent_tid=[5221]}, 88) = 5221 [pid 5221] <... set_robust_list resumed>) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] memfd_create("syzkaller", 0 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] <... memfd_create resumed>) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5221] munmap(0x7fa786800000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] close(4) = 0 [pid 5221] mkdir("./file7", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5221] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file7") = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5221] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5221] openat(AT_FDCWD, ".", O_RDONLY [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... openat resumed>) = 4 [pid 5221] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5221] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 61.820229][ T5221] loop0: detected capacity change from 0 to 32768 [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... ioctl resumed>) = 0 [pid 5221] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5221] fspick(AT_FDCWD, ".", 0) = 5 [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5221] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5220] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5221] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5220] exit_group(0 [pid 5221] <... futex resumed>) = ? [pid 5220] <... exit_group resumed>) = ? [pid 5221] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 61.939626][ T5221] syz-executor226: attempt to access beyond end of device [ 61.939626][ T5221] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 61.953044][ T5221] lbmIODone: I/O error in JFS log [ 61.958299][ T5221] *** Log Format Error ! *** [ 61.963306][ T5221] lmLogInit: exit(-22) [ 61.967513][ T5221] lmLogOpen: exit(-22) umount2("./2/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x5555788fc690) = 5222 [pid 5222] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5222] chdir("./3") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5222] write(1, "executing program\n", 18) = 18 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5222] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5222] <... clone3 resumed> => {parent_tid=[5223]}, 88) = 5223 [pid 5223] <... rseq resumed>) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] set_robust_list(0x7fa78ede39a0, 24 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] <... futex resumed>) = 0 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] memfd_create("syzkaller", 0 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5223] <... memfd_create resumed>) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5223] munmap(0x7fa786800000, 138412032) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] close(4) = 0 [pid 5223] mkdir("./file7", 0777) = 0 [pid 5223] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5223] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./file7") = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5223] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5222] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] openat(AT_FDCWD, ".", O_RDONLY [pid 5222] <... futex resumed>) = 0 [pid 5223] <... openat resumed>) = 4 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 62.343792][ T5223] loop0: detected capacity change from 0 to 32768 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... ioctl resumed>) = 0 [pid 5222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5223] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5223] fspick(AT_FDCWD, ".", 0 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... fspick resumed>) = 5 [pid 5223] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5222] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5223] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] exit_group(0 [pid 5223] <... futex resumed>) = ? [pid 5222] <... exit_group resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 62.457645][ T5223] syz-executor226: attempt to access beyond end of device [ 62.457645][ T5223] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 62.471330][ T5223] lbmIODone: I/O error in JFS log [ 62.476448][ T5223] *** Log Format Error ! *** [ 62.481255][ T5223] lmLogInit: exit(-22) [ 62.485460][ T5223] lmLogOpen: exit(-22) umount2("./3/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x5555788fc690) = 5224 [pid 5224] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5224] chdir("./4") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5224] write(1, "executing program\n", 18) = 18 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5224] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5225 attached [pid 5225] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5224] <... clone3 resumed> => {parent_tid=[5225]}, 88) = 5225 [pid 5225] <... rseq resumed>) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] set_robust_list(0x7fa78ede39a0, 24 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5224] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] <... futex resumed>) = 0 [pid 5225] memfd_create("syzkaller", 0 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] <... memfd_create resumed>) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5225] munmap(0x7fa786800000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file7", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5225] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file7") = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5225] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5224] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] openat(AT_FDCWD, ".", O_RDONLY [pid 5224] <... futex resumed>) = 0 [pid 5225] <... openat resumed>) = 4 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5224] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.866348][ T5225] loop0: detected capacity change from 0 to 32768 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... ioctl resumed>) = 0 [pid 5224] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5225] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 0 [pid 5225] fspick(AT_FDCWD, ".", 0 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... fspick resumed>) = 5 [pid 5225] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5224] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5225] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5224] exit_group(0 [pid 5225] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.952126][ T5225] syz-executor226: attempt to access beyond end of device [ 62.952126][ T5225] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 62.965509][ T5225] lbmIODone: I/O error in JFS log [ 62.970546][ T5225] *** Log Format Error ! *** [ 62.975564][ T5225] lmLogInit: exit(-22) [ 62.979680][ T5225] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5226] chdir("./5" [pid 5214] <... clone resumed>, child_tidptr=0x5555788fc690) = 5226 [pid 5226] <... chdir resumed>) = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] write(1, "executing program\n", 18executing program ) = 18 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5226] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5227 attached => {parent_tid=[5227]}, 88) = 5227 [pid 5227] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5227] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5226] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5227] memfd_create("syzkaller", 0 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5227] <... memfd_create resumed>) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5227] munmap(0x7fa786800000, 138412032) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] close(4) = 0 [pid 5227] mkdir("./file7", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5227] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file7") = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5227] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] openat(AT_FDCWD, ".", O_RDONLY [pid 5226] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... openat resumed>) = 4 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5227] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 63.356778][ T5227] loop0: detected capacity change from 0 to 32768 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... ioctl resumed>) = 0 [pid 5227] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5227] fspick(AT_FDCWD, ".", 0 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... fspick resumed>) = 5 [pid 5227] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5226] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5227] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] exit_group(0) = ? [pid 5227] <... futex resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 63.467536][ T5227] syz-executor226: attempt to access beyond end of device [ 63.467536][ T5227] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 63.481162][ T5227] lbmIODone: I/O error in JFS log [ 63.486376][ T5227] *** Log Format Error ! *** [ 63.491182][ T5227] lmLogInit: exit(-22) [ 63.495353][ T5227] lmLogOpen: exit(-22) umount2("./5/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x5555788fc690) = 5228 [pid 5228] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5228] chdir("./6") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] write(1, "executing program\n", 18executing program ) = 18 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5228] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5229 attached [pid 5229] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5228] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5229] <... rseq resumed>) = 0 [pid 5229] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5229] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5229] memfd_create("syzkaller", 0 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] <... memfd_create resumed>) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5229] munmap(0x7fa786800000, 138412032) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] close(4) = 0 [pid 5229] mkdir("./file7", 0777) = 0 [pid 5229] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5229] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file7") = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5229] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5229] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5228] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.844123][ T5229] loop0: detected capacity change from 0 to 32768 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... ioctl resumed>) = 0 [pid 5229] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5229] fspick(AT_FDCWD, ".", 0 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... fspick resumed>) = 5 [pid 5229] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5228] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5229] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5228] <... exit_group resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.948972][ T5229] syz-executor226: attempt to access beyond end of device [ 63.948972][ T5229] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 63.962407][ T5229] lbmIODone: I/O error in JFS log [ 63.967489][ T5229] *** Log Format Error ! *** [ 63.972511][ T5229] lmLogInit: exit(-22) [ 63.976704][ T5229] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5230] chdir("./7" [pid 5214] <... clone resumed>, child_tidptr=0x5555788fc690) = 5230 [pid 5230] <... chdir resumed>) = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5230] write(1, "executing program\n", 18) = 18 [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5230] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5231 attached [pid 5231] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5230] <... clone3 resumed> => {parent_tid=[5231]}, 88) = 5231 [pid 5231] set_robust_list(0x7fa78ede39a0, 24 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] <... set_robust_list resumed>) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] <... futex resumed>) = 0 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5231] <... memfd_create resumed>) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5231] munmap(0x7fa786800000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./file7", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5231] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file7") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5231] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] openat(AT_FDCWD, ".", O_RDONLY [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 4 [pid 5231] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 64.369349][ T5231] loop0: detected capacity change from 0 to 32768 [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... ioctl resumed>) = 0 [pid 5230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5231] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 0 [pid 5231] fspick(AT_FDCWD, ".", 0 [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... fspick resumed>) = 5 [pid 5231] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5230] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5231] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5230] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.482662][ T5231] syz-executor226: attempt to access beyond end of device [ 64.482662][ T5231] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 64.496074][ T5231] lbmIODone: I/O error in JFS log [ 64.501116][ T5231] *** Log Format Error ! *** [ 64.506103][ T5231] lmLogInit: exit(-22) [ 64.510200][ T5231] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached , child_tidptr=0x5555788fc690) = 5232 [pid 5232] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5232] chdir("./8") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5232] write(1, "executing program\n", 18) = 18 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5232] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5233 attached => {parent_tid=[5233]}, 88) = 5233 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5232] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] <... rseq resumed>) = 0 [pid 5233] set_robust_list(0x7fa78ede39a0, 24 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] <... set_robust_list resumed>) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5233] munmap(0x7fa786800000, 138412032) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] close(4) = 0 [pid 5233] mkdir("./file7", 0777) = 0 [pid 5233] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5233] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file7") = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5233] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] openat(AT_FDCWD, ".", O_RDONLY [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... openat resumed>) = 4 [pid 5233] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5232] <... futex resumed>) = 0 [ 64.900587][ T5233] loop0: detected capacity change from 0 to 32768 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... ioctl resumed>) = 0 [pid 5233] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] fspick(AT_FDCWD, ".", 0 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... fspick resumed>) = 5 [pid 5233] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5232] <... futex resumed>) = 1 [pid 5232] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5233] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 65.006407][ T5233] syz-executor226: attempt to access beyond end of device [ 65.006407][ T5233] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 65.019786][ T5233] lbmIODone: I/O error in JFS log [ 65.025135][ T5233] *** Log Format Error ! *** [ 65.029933][ T5233] lmLogInit: exit(-22) [ 65.034041][ T5233] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5214] <... clone resumed>, child_tidptr=0x5555788fc690) = 5234 [pid 5234] chdir("./9") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5234] write(1, "executing program\n", 18) = 18 [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5234] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5235 attached [pid 5235] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5234] <... clone3 resumed> => {parent_tid=[5235]}, 88) = 5235 [pid 5235] <... rseq resumed>) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] set_robust_list(0x7fa78ede39a0, 24 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] <... set_robust_list resumed>) = 0 [pid 5234] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5235] munmap(0x7fa786800000, 138412032) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] close(4) = 0 [pid 5235] mkdir("./file7", 0777) = 0 [pid 5235] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5235] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./file7") = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5235] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... futex resumed>) = 0 [pid 5235] openat(AT_FDCWD, ".", O_RDONLY [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... openat resumed>) = 4 [pid 5235] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5234] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.411734][ T5235] loop0: detected capacity change from 0 to 32768 [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... ioctl resumed>) = 0 [pid 5235] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5234] <... futex resumed>) = 1 [pid 5235] fspick(AT_FDCWD, ".", 0 [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... fspick resumed>) = 5 [pid 5235] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... futex resumed>) = 0 [pid 5235] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5234] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5235] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] exit_group(0 [pid 5235] <... futex resumed>) = ? [pid 5234] <... exit_group resumed>) = ? [pid 5235] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 [ 65.525718][ T5235] syz-executor226: attempt to access beyond end of device [ 65.525718][ T5235] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 65.539340][ T5235] lbmIODone: I/O error in JFS log [ 65.544368][ T5235] *** Log Format Error ! *** [ 65.549661][ T5235] lmLogInit: exit(-22) [ 65.553781][ T5235] lmLogOpen: exit(-22) umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5236] chdir("./10" [pid 5214] <... clone resumed>, child_tidptr=0x5555788fc690) = 5236 [pid 5236] <... chdir resumed>) = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5236] write(1, "executing program\n", 18) = 18 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5236] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5237 attached [pid 5237] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5237] set_robust_list(0x7fa78ede39a0, 24 [pid 5236] <... clone3 resumed> => {parent_tid=[5237]}, 88) = 5237 [pid 5237] <... set_robust_list resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] memfd_create("syzkaller", 0 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] <... memfd_create resumed>) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5237] munmap(0x7fa786800000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file7", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5237] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file7") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5237] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] openat(AT_FDCWD, ".", O_RDONLY [pid 5236] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... openat resumed>) = 4 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 65.905366][ T5237] loop0: detected capacity change from 0 to 32768 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... ioctl resumed>) = 0 [pid 5236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5237] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] fspick(AT_FDCWD, ".", 0 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... fspick resumed>) = 5 [pid 5237] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5237] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5237] <... futex resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5236] <... exit_group resumed>) = ? [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 66.023244][ T5237] syz-executor226: attempt to access beyond end of device [ 66.023244][ T5237] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 66.036617][ T5237] lbmIODone: I/O error in JFS log [ 66.041642][ T5237] *** Log Format Error ! *** [ 66.046635][ T5237] lmLogInit: exit(-22) [ 66.050724][ T5237] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./10/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached , child_tidptr=0x5555788fc690) = 5238 [pid 5238] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5238] chdir("./11") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5238] write(1, "executing program\n", 18) = 18 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5238] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5239 attached [pid 5239] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5238] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5239] memfd_create("syzkaller", 0 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] <... memfd_create resumed>) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5239] munmap(0x7fa786800000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] close(4) = 0 [pid 5239] mkdir("./file7", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5239] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file7") = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5239] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] openat(AT_FDCWD, ".", O_RDONLY [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... openat resumed>) = 4 [pid 5239] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5238] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5238] <... futex resumed>) = 0 [ 66.459788][ T5239] loop0: detected capacity change from 0 to 32768 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... ioctl resumed>) = 0 [pid 5239] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] fspick(AT_FDCWD, ".", 0 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... fspick resumed>) = 5 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5239] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5238] exit_group(0) = ? [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 66.575298][ T5239] syz-executor226: attempt to access beyond end of device [ 66.575298][ T5239] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 66.588670][ T5239] lbmIODone: I/O error in JFS log [ 66.593694][ T5239] *** Log Format Error ! *** [ 66.598667][ T5239] lmLogInit: exit(-22) [ 66.602762][ T5239] lmLogOpen: exit(-22) unlink("./11/binderfs") = 0 umount2("./11/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x5555788fc690) = 5240 [pid 5240] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5240] chdir("./12") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5240] write(1, "executing program\n", 18) = 18 [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5240] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5240] <... clone3 resumed> => {parent_tid=[5241]}, 88) = 5241 [pid 5241] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] memfd_create("syzkaller", 0 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] <... memfd_create resumed>) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5241] munmap(0x7fa786800000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] close(4) = 0 [pid 5241] mkdir("./file7", 0777) = 0 [pid 5241] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5241] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file7") = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5241] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] openat(AT_FDCWD, ".", O_RDONLY [pid 5240] <... futex resumed>) = 0 [pid 5241] <... openat resumed>) = 4 [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5240] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.011115][ T5241] loop0: detected capacity change from 0 to 32768 [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... ioctl resumed>) = 0 [pid 5240] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5241] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] fspick(AT_FDCWD, ".", 0) = 5 [pid 5241] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5241] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5240] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5241] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] exit_group(0 [pid 5241] <... futex resumed>) = ? [pid 5240] <... exit_group resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 67.123714][ T5241] syz-executor226: attempt to access beyond end of device [ 67.123714][ T5241] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 67.137182][ T5241] lbmIODone: I/O error in JFS log [ 67.142208][ T5241] *** Log Format Error ! *** [ 67.147212][ T5241] lmLogInit: exit(-22) [ 67.151325][ T5241] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x5555788fc6a0, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555788fc690) = 5242 [pid 5242] <... set_robust_list resumed>) = 0 [pid 5242] chdir("./13") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5242] write(1, "executing program\n", 18) = 18 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5242] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5243 attached => {parent_tid=[5243]}, 88) = 5243 [pid 5243] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5243] set_robust_list(0x7fa78ede39a0, 24 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5242] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] <... futex resumed>) = 0 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5243] munmap(0x7fa786800000, 138412032) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./file7", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5243] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./file7") = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5243] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5243] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5243] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 67.515206][ T5243] loop0: detected capacity change from 0 to 32768 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... ioctl resumed>) = 0 [pid 5243] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5243] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] <... futex resumed>) = 0 [pid 5243] fspick(AT_FDCWD, ".", 0 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... fspick resumed>) = 5 [pid 5243] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5243] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5243] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5243] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] exit_group(0) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 67.618013][ T5243] syz-executor226: attempt to access beyond end of device [ 67.618013][ T5243] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 67.631404][ T5243] lbmIODone: I/O error in JFS log [ 67.636455][ T5243] *** Log Format Error ! *** [ 67.641255][ T5243] lmLogInit: exit(-22) [ 67.645373][ T5243] lmLogOpen: exit(-22) umount2("./13/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x5555788fc690) = 5244 [pid 5244] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5244] chdir("./14") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5244] write(1, "executing program\n", 18) = 18 [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5244] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5245 attached [pid 5245] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5244] <... clone3 resumed> => {parent_tid=[5245]}, 88) = 5245 [pid 5245] <... rseq resumed>) = 0 [pid 5245] set_robust_list(0x7fa78ede39a0, 24 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5245] munmap(0x7fa786800000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] close(4) = 0 [pid 5245] mkdir("./file7", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5245] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file7") = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 67.985989][ T5245] loop0: detected capacity change from 0 to 32768 [pid 5245] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] openat(AT_FDCWD, ".", O_RDONLY [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... openat resumed>) = 4 [pid 5245] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... ioctl resumed>) = 0 [pid 5245] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] fspick(AT_FDCWD, ".", 0 [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... fspick resumed>) = 5 [pid 5245] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5244] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5245] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5244] exit_group(0) = ? [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 68.131520][ T5245] syz-executor226: attempt to access beyond end of device [ 68.131520][ T5245] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 68.145335][ T5245] lbmIODone: I/O error in JFS log [ 68.150398][ T5245] *** Log Format Error ! *** [ 68.155576][ T5245] lmLogInit: exit(-22) [ 68.159684][ T5245] lmLogOpen: exit(-22) umount2("./14/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555788fc690) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5246] chdir("./15") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5246] write(1, "executing program\n", 18) = 18 [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5246] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0} => {parent_tid=[5247]}, 88) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5247] set_robust_list(0x7fa78ede39a0, 24 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... set_robust_list resumed>) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5247] munmap(0x7fa786800000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./file7", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5247] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file7") = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5247] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 68.563948][ T5247] loop0: detected capacity change from 0 to 32768 [pid 5247] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] openat(AT_FDCWD, ".", O_RDONLY [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... openat resumed>) = 4 [pid 5247] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5246] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... ioctl resumed>) = 0 [pid 5246] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5247] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5247] fspick(AT_FDCWD, ".", 0 [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... fspick resumed>) = 5 [pid 5247] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5246] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5247] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] exit_group(0 [pid 5247] <... futex resumed>) = ? [pid 5246] <... exit_group resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 68.706818][ T5247] syz-executor226: attempt to access beyond end of device [ 68.706818][ T5247] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 68.720193][ T5247] lbmIODone: I/O error in JFS log [ 68.725391][ T5247] *** Log Format Error ! *** [ 68.730198][ T5247] lmLogInit: exit(-22) [ 68.734273][ T5247] lmLogOpen: exit(-22) umount2("./15/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5248 attached , child_tidptr=0x5555788fc690) = 5248 [pid 5248] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5248] chdir("./16") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5248] write(1, "executing program\n", 18) = 18 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5248] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5249 attached [pid 5249] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5248] <... clone3 resumed> => {parent_tid=[5249]}, 88) = 5249 [pid 5249] <... rseq resumed>) = 0 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] set_robust_list(0x7fa78ede39a0, 24 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] <... futex resumed>) = 0 [pid 5249] memfd_create("syzkaller", 0 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5249] <... memfd_create resumed>) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5249] munmap(0x7fa786800000, 138412032) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] close(4) = 0 [pid 5249] mkdir("./file7", 0777) = 0 [pid 5249] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5249] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./file7") = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5249] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] openat(AT_FDCWD, ".", O_RDONLY [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... openat resumed>) = 4 [pid 5249] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5248] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5248] <... futex resumed>) = 0 [ 69.114917][ T5249] loop0: detected capacity change from 0 to 32768 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... ioctl resumed>) = 0 [pid 5249] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] fspick(AT_FDCWD, ".", 0) = 5 [pid 5249] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5249] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5248] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5249] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5248] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 69.226610][ T5249] syz-executor226: attempt to access beyond end of device [ 69.226610][ T5249] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 69.240381][ T5249] lbmIODone: I/O error in JFS log [ 69.245487][ T5249] *** Log Format Error ! *** [ 69.250354][ T5249] lmLogInit: exit(-22) [ 69.254427][ T5249] lmLogOpen: exit(-22) getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x5555788fc690) = 5250 [pid 5250] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5250] chdir("./17") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5250] write(1, "executing program\n", 18) = 18 [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5250] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5251 attached [pid 5251] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5250] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] <... rseq resumed>) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5251] memfd_create("syzkaller", 0 [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] <... memfd_create resumed>) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5251] munmap(0x7fa786800000, 138412032) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] close(4) = 0 [pid 5251] mkdir("./file7", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5251] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file7") = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5251] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5251] openat(AT_FDCWD, ".", O_RDONLY [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... openat resumed>) = 4 [ 69.652455][ T5251] loop0: detected capacity change from 0 to 32768 [pid 5251] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5250] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... ioctl resumed>) = 0 [pid 5251] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5250] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] fspick(AT_FDCWD, ".", 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... fspick resumed>) = 5 [pid 5251] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5251] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.776314][ T5251] syz-executor226: attempt to access beyond end of device [ 69.776314][ T5251] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 69.789670][ T5251] lbmIODone: I/O error in JFS log [ 69.794791][ T5251] *** Log Format Error ! *** [ 69.799762][ T5251] lmLogInit: exit(-22) [ 69.803905][ T5251] lmLogOpen: exit(-22) openat(AT_FDCWD, "./17/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x5555788fc690) = 5252 [pid 5252] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5252] chdir("./18") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] write(1, "executing program\n", 18executing program ) = 18 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5252] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5253 attached [pid 5253] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5252] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] <... rseq resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5253] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5253] munmap(0x7fa786800000, 138412032) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] close(4) = 0 [pid 5253] mkdir("./file7", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5253] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./file7") = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5253] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5252] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5252] <... futex resumed>) = 0 [ 70.208430][ T5253] loop0: detected capacity change from 0 to 32768 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... ioctl resumed>) = 0 [pid 5253] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] fspick(AT_FDCWD, ".", 0 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... fspick resumed>) = 5 [pid 5253] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5253] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] exit_group(0 [pid 5253] <... futex resumed>) = ? [pid 5252] <... exit_group resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 70.326577][ T5253] syz-executor226: attempt to access beyond end of device [ 70.326577][ T5253] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 70.340161][ T5253] lbmIODone: I/O error in JFS log [ 70.345244][ T5253] *** Log Format Error ! *** [ 70.350043][ T5253] lmLogInit: exit(-22) [ 70.354114][ T5253] lmLogOpen: exit(-22) umount2("./18/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached , child_tidptr=0x5555788fc690) = 5254 [pid 5254] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5254] chdir("./19") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] write(1, "executing program\n", 18executing program ) = 18 [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5254] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5255 attached => {parent_tid=[5255]}, 88) = 5255 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] <... futex resumed>) = 0 [pid 5255] memfd_create("syzkaller", 0 [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5255] <... memfd_create resumed>) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5255] munmap(0x7fa786800000, 138412032) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] close(4) = 0 [pid 5255] mkdir("./file7", 0777) = 0 [pid 5255] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5255] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./file7") = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5255] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5255] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5255] openat(AT_FDCWD, ".", O_RDONLY [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... openat resumed>) = 4 [ 70.760048][ T5255] loop0: detected capacity change from 0 to 32768 [pid 5255] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5255] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5254] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... ioctl resumed>) = 0 [pid 5255] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] fspick(AT_FDCWD, ".", 0 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... fspick resumed>) = 5 [pid 5255] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5254] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5255] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5254] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 70.887788][ T5255] syz-executor226: attempt to access beyond end of device [ 70.887788][ T5255] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 70.901212][ T5255] lbmIODone: I/O error in JFS log [ 70.906308][ T5255] *** Log Format Error ! *** [ 70.911108][ T5255] lmLogInit: exit(-22) [ 70.915259][ T5255] lmLogOpen: exit(-22) umount2("./19/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x5555788fc690) = 5256 [pid 5256] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5256] chdir("./20") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5256] write(1, "executing program\n", 18) = 18 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5256] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5257 attached => {parent_tid=[5257]}, 88) = 5257 [pid 5257] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5257] munmap(0x7fa786800000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] close(4) = 0 [pid 5257] mkdir("./file7", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5257] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file7") = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5257] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] openat(AT_FDCWD, ".", O_RDONLY [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 4 [pid 5257] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5256] <... futex resumed>) = 0 [ 71.323632][ T5257] loop0: detected capacity change from 0 to 32768 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... ioctl resumed>) = 0 [pid 5257] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] fspick(AT_FDCWD, ".", 0 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... fspick resumed>) = 5 [pid 5257] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5257] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5256] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5257] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 [ 71.455357][ T5257] syz-executor226: attempt to access beyond end of device [ 71.455357][ T5257] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 71.468823][ T5257] lbmIODone: I/O error in JFS log [ 71.473830][ T5257] *** Log Format Error ! *** [ 71.478810][ T5257] lmLogInit: exit(-22) [ 71.482902][ T5257] lmLogOpen: exit(-22) umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached , child_tidptr=0x5555788fc690) = 5258 [pid 5258] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5258] chdir("./21") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5258] write(1, "executing program\n", 18) = 18 [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5258] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5258] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] <... rseq resumed>) = 0 [pid 5259] set_robust_list(0x7fa78ede39a0, 24 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] <... set_robust_list resumed>) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5259] munmap(0x7fa786800000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] close(4) = 0 [pid 5259] mkdir("./file7", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5259] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./file7") = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5259] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] openat(AT_FDCWD, ".", O_RDONLY [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... openat resumed>) = 4 [pid 5259] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5258] <... futex resumed>) = 0 [ 71.861162][ T5259] loop0: detected capacity change from 0 to 32768 [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... ioctl resumed>) = 0 [pid 5259] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] fspick(AT_FDCWD, ".", 0 [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... fspick resumed>) = 5 [pid 5259] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5258] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5259] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5259] <... futex resumed>) = 1 [pid 5258] exit_group(0 [pid 5259] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5258] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 71.980826][ T5259] syz-executor226: attempt to access beyond end of device [ 71.980826][ T5259] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 71.994235][ T5259] lbmIODone: I/O error in JFS log [ 71.999637][ T5259] *** Log Format Error ! *** [ 72.004449][ T5259] lmLogInit: exit(-22) [ 72.008608][ T5259] lmLogOpen: exit(-22) umount2("./21/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5260 attached , child_tidptr=0x5555788fc690) = 5260 [pid 5260] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5260] chdir("./22") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] write(1, "executing program\n", 18executing program ) = 18 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5260] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5261 attached [pid 5261] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5260] <... clone3 resumed> => {parent_tid=[5261]}, 88) = 5261 [pid 5261] <... rseq resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] set_robust_list(0x7fa78ede39a0, 24 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5260] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... futex resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5261] munmap(0x7fa786800000, 138412032) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] close(3) = 0 [pid 5261] close(4) = 0 [pid 5261] mkdir("./file7", 0777) = 0 [pid 5261] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5261] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5261] chdir("./file7") = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5261] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] openat(AT_FDCWD, ".", O_RDONLY [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 4 [pid 5261] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [pid 5261] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 72.422681][ T5261] loop0: detected capacity change from 0 to 32768 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... ioctl resumed>) = 0 [pid 5261] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] fspick(AT_FDCWD, ".", 0 [pid 5260] <... futex resumed>) = 0 [pid 5261] <... fspick resumed>) = 5 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [pid 5261] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5260] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5261] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.525308][ T5261] syz-executor226: attempt to access beyond end of device [ 72.525308][ T5261] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 72.538670][ T5261] lbmIODone: I/O error in JFS log [ 72.543678][ T5261] *** Log Format Error ! *** [ 72.548679][ T5261] lmLogInit: exit(-22) [ 72.552784][ T5261] lmLogOpen: exit(-22) openat(AT_FDCWD, "./22/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x5555788fc690) = 5262 [pid 5262] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5262] chdir("./23") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] write(1, "executing program\n", 18executing program ) = 18 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5262] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5263 attached [pid 5263] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5262] <... clone3 resumed> => {parent_tid=[5263]}, 88) = 5263 [pid 5263] set_robust_list(0x7fa78ede39a0, 24 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] <... set_robust_list resumed>) = 0 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5263] memfd_create("syzkaller", 0 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] <... memfd_create resumed>) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5263] munmap(0x7fa786800000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] close(4) = 0 [pid 5263] mkdir("./file7", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5263] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file7") = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5263] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] openat(AT_FDCWD, ".", O_RDONLY [pid 5262] <... futex resumed>) = 0 [pid 5263] <... openat resumed>) = 4 [pid 5263] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 72.883520][ T5263] loop0: detected capacity change from 0 to 32768 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... ioctl resumed>) = 0 [pid 5262] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5263] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5263] fspick(AT_FDCWD, ".", 0 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... fspick resumed>) = 5 [pid 5263] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5262] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5263] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... futex resumed>) = 0 [pid 5262] exit_group(0 [pid 5263] <... futex resumed>) = ? [pid 5262] <... exit_group resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 72.989395][ T5263] syz-executor226: attempt to access beyond end of device [ 72.989395][ T5263] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 73.002807][ T5263] lbmIODone: I/O error in JFS log [ 73.007940][ T5263] *** Log Format Error ! *** [ 73.012740][ T5263] lmLogInit: exit(-22) [ 73.016877][ T5263] lmLogOpen: exit(-22) umount2("./23/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x5555788fc690) = 5264 [pid 5264] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5264] chdir("./24") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] write(1, "executing program\n", 18executing program ) = 18 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5264] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5265 attached [pid 5265] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5264] <... clone3 resumed> => {parent_tid=[5265]}, 88) = 5265 [pid 5265] <... rseq resumed>) = 0 [pid 5265] set_robust_list(0x7fa78ede39a0, 24 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] <... set_robust_list resumed>) = 0 [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] <... futex resumed>) = 0 [pid 5265] memfd_create("syzkaller", 0 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5265] <... memfd_create resumed>) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5265] munmap(0x7fa786800000, 138412032) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] close(4) = 0 [pid 5265] mkdir("./file7", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5265] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./file7") = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5265] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5264] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] openat(AT_FDCWD, ".", O_RDONLY [pid 5264] <... futex resumed>) = 0 [pid 5265] <... openat resumed>) = 4 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... futex resumed>) = 0 [pid 5265] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 73.372337][ T5265] loop0: detected capacity change from 0 to 32768 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... ioctl resumed>) = 0 [pid 5264] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5265] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5265] fspick(AT_FDCWD, ".", 0 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... fspick resumed>) = 5 [pid 5265] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5265] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5264] <... exit_group resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 73.506419][ T5265] syz-executor226: attempt to access beyond end of device [ 73.506419][ T5265] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 73.520100][ T5265] lbmIODone: I/O error in JFS log [ 73.525178][ T5265] *** Log Format Error ! *** [ 73.529985][ T5265] lmLogInit: exit(-22) [ 73.534059][ T5265] lmLogOpen: exit(-22) umount2("./24/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x5555788fc690) = 5266 [pid 5266] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5266] chdir("./25") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] write(1, "executing program\n", 18executing program ) = 18 [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5266] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5267 attached [pid 5267] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] <... clone3 resumed> => {parent_tid=[5267]}, 88) = 5267 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5267] munmap(0x7fa786800000, 138412032) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] close(4) = 0 [pid 5267] mkdir("./file7", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5267] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file7") = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5267] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] openat(AT_FDCWD, ".", O_RDONLY [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... openat resumed>) = 4 [ 73.911868][ T5267] loop0: detected capacity change from 0 to 32768 [pid 5267] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... ioctl resumed>) = 0 [pid 5266] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5267] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] fspick(AT_FDCWD, ".", 0 [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... fspick resumed>) = 5 [pid 5267] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5266] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5267] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.044504][ T5267] syz-executor226: attempt to access beyond end of device [ 74.044504][ T5267] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 74.058351][ T5267] lbmIODone: I/O error in JFS log [ 74.063386][ T5267] *** Log Format Error ! *** [ 74.068372][ T5267] lmLogInit: exit(-22) [ 74.072494][ T5267] lmLogOpen: exit(-22) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x5555788fc690) = 5268 [pid 5268] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5268] chdir("./26") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] write(1, "executing program\n", 18executing program ) = 18 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5268] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5269 attached => {parent_tid=[5269]}, 88) = 5269 [pid 5269] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5269] set_robust_list(0x7fa78ede39a0, 24) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5269] munmap(0x7fa786800000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] close(4) = 0 [pid 5269] mkdir("./file7", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5269] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file7") = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5269] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 74.488550][ T5269] loop0: detected capacity change from 0 to 32768 [pid 5269] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [pid 5268] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... ioctl resumed>) = 0 [pid 5269] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] fspick(AT_FDCWD, ".", 0 [pid 5268] <... futex resumed>) = 0 [pid 5269] <... fspick resumed>) = 5 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5268] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5269] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] exit_group(0 [pid 5269] <... futex resumed>) = ? [pid 5268] <... exit_group resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 74.622782][ T5269] syz-executor226: attempt to access beyond end of device [ 74.622782][ T5269] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 74.636267][ T5269] lbmIODone: I/O error in JFS log [ 74.641397][ T5269] *** Log Format Error ! *** [ 74.646734][ T5269] lmLogInit: exit(-22) [ 74.650835][ T5269] lmLogOpen: exit(-22) umount2("./26/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555788fc690) = 5270 ./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5270] chdir("./27") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5270] write(1, "executing program\n", 18) = 18 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5270] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5271 attached [pid 5271] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053 [pid 5270] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] <... rseq resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] set_robust_list(0x7fa78ede39a0, 24 [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5270] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] <... futex resumed>) = 0 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5271] munmap(0x7fa786800000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] close(4) = 0 [pid 5271] mkdir("./file7", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5271] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./file7") = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5271] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] openat(AT_FDCWD, ".", O_RDONLY [pid 5270] <... futex resumed>) = 0 [pid 5271] <... openat resumed>) = 4 [ 75.020955][ T5271] loop0: detected capacity change from 0 to 32768 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0}) = 0 [pid 5270] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5271] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 0 [pid 5271] fspick(AT_FDCWD, ".", 0 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... fspick resumed>) = 5 [pid 5271] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5270] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5271] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] exit_group(0 [pid 5271] <... futex resumed>) = ? [pid 5270] <... exit_group resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555788fd730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.154329][ T5271] syz-executor226: attempt to access beyond end of device [ 75.154329][ T5271] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 75.167892][ T5271] lbmIODone: I/O error in JFS log [ 75.172939][ T5271] *** Log Format Error ! *** [ 75.178000][ T5271] lmLogInit: exit(-22) [ 75.182113][ T5271] lmLogOpen: exit(-22) unlink("./27/binderfs") = 0 umount2("./27/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file7", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555578905770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555578905770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file7") = 0 getdents64(3, 0x5555788fd730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached , child_tidptr=0x5555788fc690) = 5272 [pid 5272] set_robust_list(0x5555788fc6a0, 24) = 0 [pid 5272] chdir("./28") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5272] write(1, "executing program\n", 18) = 18 [pid 5272] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] rt_sigaction(SIGRT_1, {sa_handler=0x7fa78ee53fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa78ee45160}, NULL, 8) = 0 [pid 5272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78edc3000 [pid 5272] mprotect(0x7fa78edc4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78ede3990, parent_tid=0x7fa78ede3990, exit_signal=0, stack=0x7fa78edc3000, stack_size=0x20300, tls=0x7fa78ede36c0}./strace-static-x86_64: Process 5273 attached [pid 5273] rseq(0x7fa78ede3fe0, 0x20, 0, 0x53053053) = 0 [pid 5273] set_robust_list(0x7fa78ede39a0, 24 [pid 5272] <... clone3 resumed> => {parent_tid=[5273]}, 88) = 5273 [pid 5273] <... set_robust_list resumed>) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] memfd_create("syzkaller", 0 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] <... memfd_create resumed>) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa786800000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5273] munmap(0x7fa786800000, 138412032) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] close(4) = 0 [pid 5273] mkdir("./file7", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file7", "jfs", MS_RDONLY|MS_NOSUID|MS_NOATIME|MS_NODIRATIME, "") = 0 [pid 5273] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file7") = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5273] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5273] openat(AT_FDCWD, ".", O_RDONLY [pid 5272] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... openat resumed>) = 4 [pid 5273] futex(0x7fa78eebb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7fa78eebb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7fa78eebb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5273] ioctl(4, FITRIM, {start=0x4100, len=3689330049457127424, minlen=0} [ 75.659125][ T5273] loop0: detected capacity change from 0 to 32768 [pid 5272] futex(0x7fa78eebb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7fa78eebb6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa78eda2000 [pid 5272] mprotect(0x7fa78eda3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa78edc2990, parent_tid=0x7fa78edc2990, exit_signal=0, stack=0x7fa78eda2000, stack_size=0x20300, tls=0x7fa78edc26c0} => {parent_tid=[5274]}, 88) = 5274 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] futex(0x7fa78eebb6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa78eebb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7fa78edc2fe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7fa78edc29a0, 24) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] fspick(AT_FDCWD, ".", 0) = 5 [pid 5274] futex(0x7fa78eebb6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5274] futex(0x7fa78eebb6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7fa78eebb6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5274] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 75.797829][ T5273] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 75.810537][ T5273] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 75.812243][ T5274] syz-executor226: attempt to access beyond end of device [ 75.812243][ T5274] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 75.818947][ T5273] CPU: 0 UID: 0 PID: 5273 Comm: syz-executor226 Not tainted 6.10.0-syzkaller-12857-g910bfc26d16d #0 [ 75.818969][ T5273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 75.818979][ T5273] RIP: 0010:dbFree+0x10f/0x680 [ 75.836910][ T5274] lbmIODone: I/O error in JFS log [ 75.843003][ T5273] Code: 17 4d 4e fe 31 ff 4c 89 e6 e8 6d dd 72 fe 4d 85 e4 0f 84 e2 04 00 00 4c 89 f1 4f 8d 74 25 00 48 8b 14 24 48 89 d0 48 c1 e8 03 <80> 3c 08 00 74 0d 48 8b 3c 24 e8 92 eb d6 fe 48 8b 14 24 48 8b 1a [ 75.853892][ T5274] *** Log Format Error ! *** [ 75.857774][ T5273] RSP: 0018:ffffc900035c7bb0 EFLAGS: 00010246 [pid 5272] futex(0x7fa78eebb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 5274] futex(0x7fa78eebb6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7fa78eebb6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [ 75.857794][ T5273] RAX: 0000000000000000 RBX: ffff888027c092a0 RCX: dffffc0000000000 [ 75.857806][ T5273] RDX: 0000000000000000 RSI: 0000000000000ec0 RDI: 0000000000000000 [ 75.857816][ T5273] RBP: ffff88807a070000 R08: ffffffff8320a9f3 R09: 1ffff1100e91882b [ 75.857827][ T5273] R10: dffffc0000000000 R11: ffffed100e91882c R12: 0000000000000ec0 [ 75.857839][ T5273] R13: 0000000000000008 R14: 0000000000000ec8 R15: ffff8880748c5750 [ 75.857850][ T5273] FS: 00007fa78ede36c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 75.857864][ T5273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.857876][ T5273] CR2: 00007fa78edc2d58 CR3: 000000001ea1a000 CR4: 00000000003506f0 [ 75.863152][ T5274] lmLogInit: exit(-22) [ 75.882441][ T5273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.882453][ T5273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.882463][ T5273] Call Trace: [ 75.882470][ T5273] [ 75.882478][ T5273] ? __die_body+0x88/0xe0 [ 75.888814][ T5274] lmLogOpen: exit(-22) [ 75.893074][ T5273] ? die_addr+0x108/0x140 [ 75.995147][ T5273] ? exc_general_protection+0x3dd/0x5d0 [ 76.000698][ T5273] ? asm_exc_general_protection+0x26/0x30 [ 76.006407][ T5273] ? dbFree+0xf3/0x680 [ 76.010469][ T5273] ? dbFree+0x10f/0x680 [ 76.014611][ T5273] ? jfs_issue_discard+0x160/0x2c0 [ 76.019705][ T5273] dbDiscardAG+0x8a9/0xa20 [ 76.024108][ T5273] ? __pfx_dbDiscardAG+0x10/0x10 [ 76.029028][ T5273] ? __pfx_lock_release+0x10/0x10 [ 76.034036][ T5273] jfs_ioc_trim+0x433/0x670 [ 76.038534][ T5273] jfs_ioctl+0x2d0/0x3e0 [ 76.042761][ T5273] ? __pfx_jfs_ioctl+0x10/0x10 [ 76.047502][ T5273] ? __fget_files+0x29/0x470 [ 76.052084][ T5273] ? bpf_lsm_file_ioctl+0x9/0x10 [ 76.057006][ T5273] ? security_file_ioctl+0x87/0xb0 [ 76.062107][ T5273] ? __pfx_jfs_ioctl+0x10/0x10 [ 76.066877][ T5273] __se_sys_ioctl+0xfc/0x170 [ 76.071449][ T5273] do_syscall_64+0xf3/0x230 [ 76.075934][ T5273] ? clear_bhb_loop+0x35/0x90 [ 76.080599][ T5273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.086479][ T5273] RIP: 0033:0x7fa78ee2db99 [ 76.090888][ T5273] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.110651][ T5273] RSP: 002b:00007fa78ede3218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.119060][ T5273] RAX: ffffffffffffffda RBX: 00007fa78eebb6c8 RCX: 00007fa78ee2db99 [ 76.127014][ T5273] RDX: 0000000020000080 RSI: 00000000c0185879 RDI: 0000000000000004 [ 76.134972][ T5273] RBP: 00007fa78eebb6c0 R08: 0000000000000000 R09: 0000000000000000 [ 76.142925][ T5273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa78ee88084 [ 76.150880][ T5273] R13: 00007fa78ee8206b R14: 0037656c69662f2e R15: 3333222211110000 [ 76.158837][ T5273] [ 76.161840][ T5273] Modules linked in: [ 76.166982][ T5273] ---[ end trace 0000000000000000 ]--- [ 76.172459][ T5273] RIP: 0010:dbFree+0x10f/0x680 [ 76.177258][ T5273] Code: 17 4d 4e fe 31 ff 4c 89 e6 e8 6d dd 72 fe 4d 85 e4 0f 84 e2 04 00 00 4c 89 f1 4f 8d 74 25 00 48 8b 14 24 48 89 d0 48 c1 e8 03 <80> 3c 08 00 74 0d 48 8b 3c 24 e8 92 eb d6 fe 48 8b 14 24 48 8b 1a [ 76.196948][ T5273] RSP: 0018:ffffc900035c7bb0 EFLAGS: 00010246 [ 76.203035][ T5273] RAX: 0000000000000000 RBX: ffff888027c092a0 RCX: dffffc0000000000 [ 76.211032][ T5273] RDX: 0000000000000000 RSI: 0000000000000ec0 RDI: 0000000000000000 [ 76.219025][ T5273] RBP: ffff88807a070000 R08: ffffffff8320a9f3 R09: 1ffff1100e91882b [ 76.227026][ T5273] R10: dffffc0000000000 R11: ffffed100e91882c R12: 0000000000000ec0 [ 76.235020][ T5273] R13: 0000000000000008 R14: 0000000000000ec8 R15: ffff8880748c5750 [ 76.242978][ T5273] FS: 00007fa78ede36c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 76.251933][ T5273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.258546][ T5273] CR2: 00007fa78edc2d58 CR3: 000000001ea1a000 CR4: 00000000003506f0 [ 76.266548][ T5273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.274514][ T5273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.282529][ T5273] Kernel panic - not syncing: Fatal exception [ 76.288797][ T5273] Kernel Offset: disabled [ 76.293106][ T5273] Rebooting in 86400 seconds..