./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor198674823 <...> Warning: Permanently added '10.128.0.210' (ED25519) to the list of known hosts. execve("./syz-executor198674823", ["./syz-executor198674823"], 0x7ffded2d2560 /* 10 vars */) = 0 brk(NULL) = 0x5555634a3000 brk(0x5555634a3d00) = 0x5555634a3d00 arch_prctl(ARCH_SET_FS, 0x5555634a3380) = 0 set_tid_address(0x5555634a3650) = 296 set_robust_list(0x5555634a3660, 24) = 0 rseq(0x5555634a3ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor198674823", 4096) = 27 getrandom("\xfd\xc5\xf0\x9d\x5a\x61\x9f\x9f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555634a3d00 brk(0x5555634c4d00) = 0x5555634c4d00 brk(0x5555634c5000) = 0x5555634c5000 mprotect(0x7fd5749c8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 300 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x5555634a3660, 24) = 0 [pid 301] mkdir("./syzkaller.ef8fMn", 0700) = 0 [pid 301] chmod("./syzkaller.ef8fMn", 0777) = 0 [pid 301] chdir("./syzkaller.ef8fMn") = 0 [pid 301] mkdir("./0", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 297 attached ) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x5555634a3660, 24) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd56c514000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 303] munmap(0x7fd56c514000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4 [pid 300] set_robust_list(0x5555634a3660, 24 [pid 298] set_robust_list(0x5555634a3660, 24 [pid 297] set_robust_list(0x5555634a3660, 24 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 299] set_robust_list(0x5555634a3660, 24 [pid 298] mkdir("./syzkaller.3Nwrkw", 0700 [ 30.281248][ T24] audit: type=1400 audit(1730353300.030:66): avc: denied { execmem } for pid=296 comm="syz-executor198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 30.300631][ T24] audit: type=1400 audit(1730353300.050:67): avc: denied { read write } for pid=301 comm="syz-executor198" name="loop4" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 297] mkdir("./syzkaller.nrhjSy", 0700 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 299] mkdir("./syzkaller.tnMtwX", 0700) = 0 [pid 297] chmod("./syzkaller.nrhjSy", 0777) = 0 [pid 297] chdir("./syzkaller.nrhjSy") = 0 [pid 298] chmod("./syzkaller.3Nwrkw", 0777) = 0 [pid 297] mkdir("./0", 0777) = 0 [pid 299] chmod("./syzkaller.tnMtwX", 0777) = 0 [pid 299] chdir("./syzkaller.tnMtwX") = 0 [pid 299] mkdir("./0", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] mkdir("./syzkaller.RL2RZd", 0700 [pid 298] chdir("./syzkaller.3Nwrkw") = 0 [pid 298] mkdir("./0", 0777 [pid 299] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] <... mkdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] chmod("./syzkaller.RL2RZd", 0777) = 0 [pid 300] chdir("./syzkaller.RL2RZd") = 0 [pid 300] mkdir("./0", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 303] <... close resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 298] close(3 [pid 297] close(3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777 [pid 300] close(3) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555634a3650) = 306 [pid 298] <... clone resumed>, child_tidptr=0x5555634a3650) = 307 [pid 297] <... clone resumed>, child_tidptr=0x5555634a3650) = 305 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555634a3650) = 308 ./strace-static-x86_64: Process 305 attached ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 307 attached ./strace-static-x86_64: Process 308 attached [pid 306] set_robust_list(0x5555634a3660, 24 [pid 305] set_robust_list(0x5555634a3660, 24 [pid 307] set_robust_list(0x5555634a3660, 24 [pid 303] <... mkdir resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] chdir("./0" [pid 303] mount("/dev/loop4", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext4", 0, ",errors=continue" [pid 306] chdir("./0" [pid 305] <... chdir resumed>) = 0 [pid 306] <... chdir resumed>) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] <... prctl resumed>) = 0 [pid 306] <... prctl resumed>) = 0 [pid 305] setpgid(0, 0 [pid 306] setpgid(0, 0 [pid 305] <... setpgid resumed>) = 0 [pid 306] <... setpgid resumed>) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... openat resumed>) = 3 [pid 305] <... openat resumed>) = 3 [pid 307] <... set_robust_list resumed>) = 0 [pid 308] set_robust_list(0x5555634a3660, 24 [pid 306] write(3, "1000", 4 [pid 305] write(3, "1000", 4 [pid 308] <... set_robust_list resumed>) = 0 [pid 305] <... write resumed>) = 4 [pid 308] chdir("./0" [pid 306] <... write resumed>) = 4 [pid 305] close(3 [pid 306] close(3 [pid 305] <... close resumed>) = 0 [pid 306] <... close resumed>) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs" [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 306] <... symlink resumed>) = 0 [pid 305] <... symlink resumed>) = 0 [pid 308] <... chdir resumed>) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] memfd_create("syzkaller", 0executing program [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] memfd_create("syzkaller", 0 [pid 308] <... openat resumed>) = 3 [pid 306] <... memfd_create resumed>) = 3 [pid 305] <... memfd_create resumed>) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd56c514000 [pid 308] close(3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 308] <... close resumed>) = 0 [pid 306] <... mmap resumed>) = 0x7fd56c514000 [ 30.326761][ T24] audit: type=1400 audit(1730353300.050:68): avc: denied { open } for pid=301 comm="syz-executor198" path="/dev/loop4" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 30.350994][ T24] audit: type=1400 audit(1730353300.050:69): avc: denied { ioctl } for pid=301 comm="syz-executor198" path="/dev/loop4" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 307] chdir("./0"executing program ) = 0 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 308] <... mmap resumed>) = 0x7fd56c514000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 305] <... write resumed>) = 65536 [pid 306] <... write resumed>) = 65536 [pid 305] munmap(0x7fd56c514000, 138412032) = 0 [pid 306] munmap(0x7fd56c514000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 308] <... write resumed>) = 65536 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 308] munmap(0x7fd56c514000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd56c514000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 307] munmap(0x7fd56c514000, 138412032) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 30.408271][ T24] audit: type=1400 audit(1730353300.150:70): avc: denied { mounton } for pid=303 comm="syz-executor198" path="/root/syzkaller.ef8fMn/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 307] ioctl(4, LOOP_SET_FD, 3 [pid 308] <... openat resumed>) = 4 [pid 307] <... ioctl resumed>) = 0 [pid 306] <... openat resumed>) = 4 [pid 305] <... openat resumed>) = 4 [pid 305] ioctl(4, LOOP_SET_FD, 3 [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 307] close(3 [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 305] <... ioctl resumed>) = 0 [pid 305] close(3) = 0 [pid 305] close(4 [pid 307] <... close resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 307] close(4 [pid 306] <... ioctl resumed>) = 0 [pid 306] close(3) = 0 [pid 306] close(4 [pid 308] close(3) = 0 [ 30.457838][ T303] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 30.468892][ T24] audit: type=1400 audit(1730353300.220:71): avc: denied { mount } for pid=303 comm="syz-executor198" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 308] close(4 [pid 303] <... mount resumed>) = 0 [pid 303] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 305] <... close resumed>) = 0 [pid 305] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 305] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext4", 0, ",errors=continue" [pid 306] <... close resumed>) = 0 [pid 306] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 30.470617][ T303] ext4 filesystem being mounted at /root/syzkaller.ef8fMn/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [pid 306] mount("/dev/loop2", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext4", 0, ",errors=continue" [pid 308] <... close resumed>) = 0 [pid 308] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 308] mount("/dev/loop3", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext4", 0, ",errors=continue" [pid 307] <... close resumed>) = 0 [pid 307] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 30.629891][ T307] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 30.642143][ T307] ext4 filesystem being mounted at /root/syzkaller.3Nwrkw/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [pid 307] mount("/dev/loop1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext4", 0, ",errors=continue" [pid 303] <... openat resumed>) = 4 [pid 307] <... mount resumed>) = 0 [pid 307] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 303] ioctl(4, LOOP_CLR_FD [pid 306] <... mount resumed>) = 0 [ 30.649898][ T306] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 30.677867][ T308] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 30.688781][ T306] ext4 filesystem being mounted at /root/syzkaller.tnMtwX/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [pid 306] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY [pid 303] <... ioctl resumed>) = 0 [pid 303] close(4) = 0 [pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 308] <... mount resumed>) = 0 [pid 307] <... openat resumed>) = 4 [pid 306] <... openat resumed>) = 3 [pid 303] <... creat resumed>) = 4 [pid 308] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY [pid 307] ioctl(4, LOOP_CLR_FD [pid 306] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 308] <... openat resumed>) = 3 [pid 307] <... ioctl resumed>) = 0 [pid 308] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 306] <... chdir resumed>) = 0 [pid 307] close(4 [pid 308] <... chdir resumed>) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 307] <... close resumed>) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 307] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 306] <... openat resumed>) = 4 [pid 303] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 308] <... openat resumed>) = 4 [pid 308] ioctl(4, LOOP_CLR_FD [pid 307] <... creat resumed>) = 4 [pid 306] ioctl(4, LOOP_CLR_FD [pid 303] <... mknod resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 307] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 306] <... ioctl resumed>) = 0 [pid 308] close(4) = 0 [pid 307] <... mknod resumed>) = 0 [pid 306] close(4 [pid 303] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 308] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 307] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 306] <... close resumed>) = 0 [pid 303] <... link resumed>) = 0 [pid 303] rename("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 308] <... creat resumed>) = 4 [pid 307] <... link resumed>) = 0 [pid 306] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 303] <... rename resumed>) = 0 [pid 308] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 307] rename("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|FASYNC, 000 [pid 308] <... mknod resumed>) = 0 [pid 306] <... creat resumed>) = 4 [pid 303] <... open resumed>) = 5 [pid 303] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 308] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 307] <... rename resumed>) = 0 [pid 306] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 303] <... mount resumed>) = 0 [pid 308] <... link resumed>) = 0 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|FASYNC, 000 [pid 308] rename("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 306] <... mknod resumed>) = 0 [pid 303] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 307] <... open resumed>) = 5 [pid 303] <... open resumed>) = 6 [pid 308] <... rename resumed>) = 0 [pid 307] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 306] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 303] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 308] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|FASYNC, 000 [pid 307] <... mount resumed>) = 0 [pid 306] <... link resumed>) = 0 [pid 303] <... mmap resumed>) = 0x20000000 [pid 308] <... open resumed>) = 5 [pid 307] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 306] rename("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 303] bpf(BPF_PROG_LOAD, 0x20000080, 144 [pid 308] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 307] <... open resumed>) = 6 [pid 303] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 308] <... mount resumed>) = 0 [pid 307] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 306] <... rename resumed>) = 0 [pid 303] exit_group(0 [pid 308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 303] <... exit_group resumed>) = ? [pid 308] <... open resumed>) = 6 [pid 307] <... mmap resumed>) = 0x20000000 [pid 306] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|FASYNC, 000 [pid 303] +++ exited with 0 +++ [pid 308] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 307] bpf(BPF_PROG_LOAD, 0x20000080, 144 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 306] <... open resumed>) = 5 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 306] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 308] <... mmap resumed>) = 0x20000000 [pid 307] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 306] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 301] <... restart_syscall resumed>) = 0 [pid 308] bpf(BPF_PROG_LOAD, 0x20000080, 144 [pid 306] <... open resumed>) = 6 [pid 308] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 307] exit_group(0 [pid 306] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 308] exit_group(0 [pid 301] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 308] <... exit_group resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 306] <... mmap resumed>) = 0x20000000 [pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 308] +++ exited with 0 +++ [pid 306] bpf(BPF_PROG_LOAD, 0x20000080, 144 [pid 301] getdents64(3, [pid 307] +++ exited with 0 +++ [pid 306] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 301] <... getdents64 resumed>0x5555634a46f0 /* 4 entries */, 32768) = 352 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 306] exit_group(0 [pid 301] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 306] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./0/binderfs", [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 306] +++ exited with 0 +++ [pid 301] unlink("./0/binderfs" [pid 300] <... restart_syscall resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 301] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 300] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] newfstatat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] <... openat resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 300] newfstatat(3, "", [pid 301] openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... openat resumed>) = 4 [pid 300] getdents64(3, [pid 301] newfstatat(4, "", [pid 300] <... getdents64 resumed>0x5555634a46f0 /* 4 entries */, 32768) = 352 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_EMPTY_PATH) = 0 [pid 300] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... restart_syscall resumed>) = 0 [ 30.694288][ T308] ext4 filesystem being mounted at /root/syzkaller.RL2RZd/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 30.745779][ T24] audit: type=1400 audit(1730353300.490:72): avc: denied { write } for pid=303 comm="syz-executor198" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 301] getdents64(4, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./0/binderfs", [pid 299] <... restart_syscall resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./0/binderfs" [pid 298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] <... unlink resumed>) = 0 [pid 299] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] newfstatat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", [pid 299] <... openat resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(3, "", [pid 300] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 299] getdents64(3, [pid 300] openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... getdents64 resumed>0x5555634a46f0 /* 4 entries */, 32768) = 352 [pid 300] <... openat resumed>) = 4 [pid 299] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] newfstatat(4, "", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", [ 30.808808][ T301] EXT4-fs error (device loop4): __ext4_get_inode_loc:4437: comm syz-executor198: Invalid inode table block 14875662660405297151 in block_group 0 [ 30.827983][ T300] EXT4-fs error (device loop3): __ext4_get_inode_loc:4437: comm syz-executor198: Invalid inode table block 14875662660405297151 in block_group 0 [pid 300] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./0/binderfs" [pid 298] <... openat resumed>) = 3 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 299] newfstatat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 299] openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_EMPTY_PATH) = 0 [ 30.836027][ T24] audit: type=1400 audit(1730353300.490:73): avc: denied { add_name } for pid=303 comm="syz-executor198" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.844341][ T299] EXT4-fs error (device loop2): __ext4_get_inode_loc:4437: comm syz-executor198: Invalid inode table block 14875662660405297151 in block_group 0 [pid 299] getdents64(4, [ 30.884712][ T24] audit: type=1400 audit(1730353300.490:74): avc: denied { create } for pid=303 comm="syz-executor198" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.899564][ T301] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5897: Corrupt filesystem [ 30.950732][ T305] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555634a46f0 /* 4 entries */, 32768) = 352 [pid 298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./0/binderfs") = 0 [pid 298] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 298] newfstatat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 298] openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_EMPTY_PATH) = 0 [ 30.959520][ T24] audit: type=1400 audit(1730353300.490:75): avc: denied { write open } for pid=303 comm="syz-executor198" path="/root/syzkaller.ef8fMn/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.966247][ T298] EXT4-fs error (device loop1): __ext4_get_inode_loc:4437: comm syz-executor198: Invalid inode table block 14875662660405297151 in block_group 0 [ 31.027882][ T300] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5897: Corrupt filesystem [pid 298] getdents64(4, [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [ 31.042183][ T305] ext4 filesystem being mounted at /root/syzkaller.nrhjSy/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 31.051280][ T300] EXT4-fs error (device loop3): ext4_dirty_inode:6107: inode #2: comm syz-executor198: mark_inode_dirty error [ 31.085826][ T301] EXT4-fs error (device loop4): ext4_dirty_inode:6107: inode #2: comm syz-executor198: mark_inode_dirty error [pid 305] close(4) = 0 [pid 305] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 305] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 305] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 305] rename("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 305] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|FASYNC, 000) = 5 [pid 305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 305] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 305] bpf(BPF_PROG_LOAD, 0x20000080, 144) = -1 E2BIG (Argument list too long) [pid 305] exit_group(0) = ? [pid 305] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x5555634ac730 /* 1 entries */, 32768) = 192 [pid 301] umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 301] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", 0x7fff24a324e0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 301] exit_group(1) = ? [pid 301] +++ exited with 1 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=1, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 300] <... getdents64 resumed>0x5555634ac730 /* 1 entries */, 32768) = 192 [pid 299] <... getdents64 resumed>0x5555634ac730 /* 1 entries */, 32768) = 192 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 300] umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 300] <... umount2 resumed>) = -1 ENOENT (No such file or directory) [pid 297] <... restart_syscall resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", 0x7fff24a324e0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 300] exit_group(1 [pid 297] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] <... exit_group resumed>) = ? [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] +++ exited with 1 +++ [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555634a46f0 /* 4 entries */, 32768) = 352 [pid 297] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./0/binderfs") = 0 [pid 297] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 297] newfstatat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 297] openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=3072, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 296] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 299] umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x5555634ac730 /* 1 entries */, 32768) = 192 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=1, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 298] umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 ENOENT (No such file or directory) [pid 298] <... umount2 resumed>) = -1 ENOENT (No such file or directory) [pid 298] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", 0x7fff24a324e0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 299] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", 0x7fff24a324e0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 298] exit_group(1 [pid 299] exit_group(1 [pid 298] <... exit_group resumed>) = ? [pid 299] <... exit_group resumed>) = ? [ 31.097361][ T299] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem [ 31.124031][ T298] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5897: Corrupt filesystem [ 31.125258][ T299] EXT4-fs error (device loop2): ext4_dirty_inode:6107: inode #2: comm syz-executor198: mark_inode_dirty error [ 31.133656][ T298] EXT4-fs error (device loop1): ext4_dirty_inode:6107: inode #2: comm syz-executor198: mark_inode_dirty error [pid 298] +++ exited with 1 +++ [pid 296] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=1, si_utime=0, si_stime=6} --- [pid 296] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 299] +++ exited with 1 +++ [pid 296] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=1, si_utime=0, si_stime=6} --- [ 31.149048][ T297] ================================================================== [ 31.164064][ T297] BUG: KASAN: use-after-free in ext4_htree_fill_tree+0x1316/0x13e0 [ 31.171762][ T297] Read of size 1 at addr ffff88810d1a5d1b by task syz-executor198/297 [ 31.179732][ T297] [ 31.181909][ T297] CPU: 0 PID: 297 Comm: syz-executor198 Not tainted 5.10.226-syzkaller #0 [ 31.190236][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 31.200226][ T297] Call Trace: [ 31.203349][ T297] dump_stack_lvl+0x1e2/0x24b [ 31.207857][ T297] ? bfq_pos_tree_add_move+0x43b/0x43b [ 31.213150][ T297] ? panic+0x812/0x812 [ 31.217059][ T297] print_address_description+0x81/0x3b0 [ 31.222440][ T297] ? ext4_htree_store_dirent+0x19c/0x590 [ 31.227907][ T297] kasan_report+0x179/0x1c0 [ 31.232249][ T297] ? ext4_htree_fill_tree+0x1316/0x13e0 [ 31.237660][ T297] ? ext4_htree_fill_tree+0x1316/0x13e0 [ 31.243009][ T297] __asan_report_load1_noabort+0x14/0x20 [ 31.248561][ T297] ext4_htree_fill_tree+0x1316/0x13e0 [ 31.253770][ T297] ? ext4_handle_dirty_dirblock+0x6e0/0x6e0 [ 31.259505][ T297] ? __kasan_kmalloc+0x9/0x10 [ 31.264013][ T297] ? ext4_readdir+0x4df/0x37c0 [ 31.268611][ T297] ext4_readdir+0x2dde/0x37c0 [ 31.273217][ T297] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.278249][ T297] ? switch_mm_irqs_off+0x71b/0x9a0 [ 31.283279][ T297] ? __switch_to_asm+0x34/0x60 [ 31.287877][ T297] ? ext4_dir_llseek+0x4c0/0x4c0 [ 31.292652][ T297] ? __schedule+0xbee/0x1330 [ 31.297080][ T297] ? __kasan_check_write+0x14/0x20 [ 31.302031][ T297] ? down_read_killable+0x101/0x220 [ 31.307062][ T297] ? down_read_interruptible+0x220/0x220 [ 31.312531][ T297] ? security_file_permission+0x86/0xb0 [ 31.318028][ T297] iterate_dir+0x265/0x580 [ 31.322269][ T297] ? ext4_dir_llseek+0x4c0/0x4c0 [ 31.327045][ T297] __se_sys_getdents64+0x1c1/0x460 [ 31.332077][ T297] ? __x64_sys_getdents64+0x90/0x90 [ 31.337107][ T297] ? filldir+0x680/0x680 [ 31.341194][ T297] ? debug_smp_processor_id+0x17/0x20 [ 31.346400][ T297] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 31.352300][ T297] ? irqentry_exit_to_user_mode+0x41/0x80 [ 31.357981][ T297] __x64_sys_getdents64+0x7b/0x90 [ 31.362842][ T297] do_syscall_64+0x34/0x70 [ 31.367096][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 31.372820][ T297] RIP: 0033:0x7fd57497b2f3 [ 31.377084][ T297] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 47 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 [ 31.396517][ T297] RSP: 002b:00007fff24a32478 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 31.404759][ T297] RAX: ffffffffffffffda RBX: 00005555634ac730 RCX: 00007fd57497b2f3 [ 31.412569][ T297] RDX: 0000000000008000 RSI: 00005555634ac730 RDI: 0000000000000004 [ 31.420384][ T297] RBP: 00005555634ac704 R08: 0000000000000000 R09: 0000000000000000 [ 31.428194][ T297] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8 [ 31.436011][ T297] R13: 0000000000000010 R14: 00005555634ac700 R15: 00007fff24a346f0 [ 31.443822][ T297] [ 31.445988][ T297] Allocated by task 293: [ 31.450068][ T297] __kasan_slab_alloc+0xb1/0xe0 [ 31.454753][ T297] slab_post_alloc_hook+0x61/0x2f0 [ 31.459708][ T297] kmem_cache_alloc+0x168/0x2e0 [ 31.464389][ T297] getname_flags+0xba/0x520 [ 31.468725][ T297] getname+0x19/0x20 [ 31.472456][ T297] do_sys_openat2+0xd7/0x710 [ 31.476883][ T297] __x64_sys_openat+0x243/0x290 [ 31.481572][ T297] do_syscall_64+0x34/0x70 [ 31.485928][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 31.491649][ T297] [ 31.493807][ T297] Freed by task 293: [ 31.497547][ T297] kasan_set_track+0x4b/0x70 [ 31.501969][ T297] kasan_set_free_info+0x23/0x40 [ 31.506743][ T297] ____kasan_slab_free+0x121/0x160 [ 31.511688][ T297] __kasan_slab_free+0x11/0x20 [ 31.516292][ T297] slab_free_freelist_hook+0xc0/0x190 [ 31.521500][ T297] kmem_cache_free+0xa9/0x1e0 [ 31.526009][ T297] putname+0xe7/0x140 [ 31.529827][ T297] do_sys_openat2+0x1fc/0x710 [ 31.534340][ T297] __x64_sys_openat+0x243/0x290 [ 31.539116][ T297] do_syscall_64+0x34/0x70 [ 31.543369][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 31.549092][ T297] [ 31.551265][ T297] The buggy address belongs to the object at ffff88810d1a5500 [ 31.551265][ T297] which belongs to the cache names_cache of size 4096 [ 31.565240][ T297] The buggy address is located 2075 bytes inside of [ 31.565240][ T297] 4096-byte region [ffff88810d1a5500, ffff88810d1a6500) [ 31.578514][ T297] The buggy address belongs to the page: [ 31.584003][ T297] page:ffffea0004346800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d1a0 [ 31.594070][ T297] head:ffffea0004346800 order:3 compound_mapcount:0 compound_pincount:0 [ 31.602227][ T297] flags: 0x4000000000010200(slab|head) [ 31.607517][ T297] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100193200 [ 31.615965][ T297] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 31.624366][ T297] page dumped because: kasan: bad access detected [ 31.630598][ T297] page_owner tracks the page as allocated [ 31.636155][ T297] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 293, ts 30264746384, free_ts 24468352154 [ 31.654992][ T297] prep_new_page+0x166/0x180 [ 31.659420][ T297] get_page_from_freelist+0x2d8c/0x2f30 [ 31.664792][ T297] __alloc_pages_nodemask+0x435/0xaf0 [ 31.669997][ T297] new_slab+0x80/0x400 [ 31.673903][ T297] ___slab_alloc+0x302/0x4b0 [ 31.678332][ T297] __slab_alloc+0x63/0xa0 [ 31.682498][ T297] kmem_cache_alloc+0x1b9/0x2e0 [ 31.687181][ T297] getname_flags+0xba/0x520 [ 31.691524][ T297] getname+0x19/0x20 [ 31.695256][ T297] do_sys_openat2+0xd7/0x710 [ 31.699681][ T297] __x64_sys_openat+0x243/0x290 [ 31.704367][ T297] do_syscall_64+0x34/0x70 [ 31.708625][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 31.714350][ T297] page last free stack trace: [ 31.718872][ T297] __free_pages_ok+0x82c/0x850 [ 31.723461][ T297] free_the_page+0x76/0x370 [ 31.727802][ T297] __free_pages+0x67/0xc0 [ 31.731966][ T297] __free_slab+0xcf/0x190 [ 31.736134][ T297] discard_slab+0x29/0x40 [ 31.740302][ T297] __slab_free+0x30d/0x3a0 [ 31.744590][ T297] ___cache_free+0x111/0x130 [ 31.748981][ T297] qlink_free+0x50/0x90 [ 31.753063][ T297] qlist_free_all+0x47/0xb0 [ 31.757407][ T297] kasan_quarantine_reduce+0x15a/0x170 [ 31.762693][ T297] __kasan_slab_alloc+0x2f/0xe0 [ 31.767388][ T297] slab_post_alloc_hook+0x61/0x2f0 [ 31.772329][ T297] kmem_cache_alloc+0x168/0x2e0 [ 31.777014][ T297] sock_alloc_inode+0x1b/0xb0 [ 31.781529][ T297] new_inode_pseudo+0x64/0x220 [ 31.786133][ T297] __sock_create+0x135/0x760 [ 31.790551][ T297] [ 31.792719][ T297] Memory state around the buggy address: [ 31.798212][ T297] ffff88810d1a5c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.806099][ T297] ffff88810d1a5c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.814078][ T297] >ffff88810d1a5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.821970][ T297] ^ [ 31.826659][ T297] ffff88810d1a5d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.834557][ T297] ffff88810d1a5e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.842454][ T297] ================================================================== [ 31.850389][ T297] Disabling lock debugging due to kernel taint [pid 296] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 297] <... getdents64 resumed>0x5555634ac730 /* 1 entries */, 32768) = 192 [pid 297] umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 297] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x30\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2f\xc5\xc1\xca\x7a\xa5\x02\x61\xa3\x08\x9a\x1e\xbf\x07\x2e", 0x7fff24a324e0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 297] exit_group(1) = ? [pid 297] +++ exited with 1 +++ <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=1, si_utime=0, si_stime=3} --- [ 31.856820][ T297] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm syz-executor198: Invalid inode table block 14875662660405297151 in block_group 0 [ 31.871719][ T297] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5897: Corrupt filesystem [ 31.881162][ T297] EXT4-fs error (device loop0): ext4_dirty_inode:6107: inode #2: comm syz-executor198: mark_inode_dirty error