./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3762178099 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 4645 [ 30.857848][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.867291][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. execve("./syz-executor3762178099", ["./syz-executor3762178099"], 0x7fff68123880 /* 10 vars */) = 0 brk(NULL) = 0x555555ae1000 brk(0x555555ae1c40) = 0x555555ae1c40 arch_prctl(ARCH_SET_FS, 0x555555ae1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555ae15d0) = 5066 set_robust_list(0x555555ae15e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f72a37c86b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f72a37c8d80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f72a37c8750, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f72a37c8d80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3762178099", 4096) = 28 brk(0x555555b02c40) = 0x555555b02c40 brk(0x555555b03000) = 0x555555b03000 mprotect(0x7f72a388b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5066 mkdir("./syzkaller.HIe4Ke", 0700) = 0 chmod("./syzkaller.HIe4Ke", 0777) = 0 chdir("./syzkaller.HIe4Ke") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5067] chdir("./0") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5067] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5069 [pid 5067] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5069] munmap(0x7f729b397000, 1048576) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file0", 0777) = 0 syzkaller login: [ 53.483216][ T5069] loop0: detected capacity change from 0 to 2048 [ 53.492585][ T5069] EXT4-fs: Ignoring removed i_version option [ 53.513032][ T5069] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5069] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file0") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] mkdir("./bus", 000) = 0 [pid 5069] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5069] chdir("./bus" [pid 5067] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... chdir resumed>) = 0 [pid 5069] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5067] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5069] mkdir("./bus", 000 [pid 5067] <... clone resumed>, parent_tid=[5073], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5073 [pid 5067] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5069] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f729b4969e0, 24 [pid 5069] <... futex resumed>) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5069] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] memfd_create("syzkaller", 0) = 4 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 53.527555][ T5069] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 53.539962][ T5069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5073] munmap(0x7f7293076000, 2097152) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5073] ioctl(5, LOOP_CLR_FD) = 0 [pid 5073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5073] close(5) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] exit_group(0 [pid 5069] <... futex resumed>) = ? [pid 5067] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5074] chdir("./1") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5074] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5075 [pid 5074] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5075] munmap(0x7f729b397000, 1048576) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.649786][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [ 53.710327][ T5075] loop0: detected capacity change from 0 to 2048 [ 53.719838][ T5075] EXT4-fs: Ignoring removed i_version option [ 53.732599][ T5075] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 53.746497][ T5075] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5075] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] mkdir("./bus", 000) = 0 [pid 5075] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] chdir("./bus") = 0 [pid 5075] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] mkdir("./bus", 000 [pid 5074] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] <... mkdir resumed>) = 0 [pid 5074] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... mmap resumed>) = 0x7f729b476000 [pid 5074] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5078 [pid 5074] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0) = 4 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5078] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5078] munmap(0x7f7293076000, 2097152) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 53.757561][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5078] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5078] ioctl(5, LOOP_CLR_FD) = 0 [pid 5078] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5078] close(5) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0 [pid 5075] <... futex resumed>) = ? [pid 5074] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5079] chdir("./2") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5079] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5080], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5080 [pid 5079] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.864228][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5079] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5080] munmap(0x7f729b397000, 1048576) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [ 53.938773][ T5080] loop0: detected capacity change from 0 to 2048 [ 53.948019][ T5080] EXT4-fs: Ignoring removed i_version option [ 53.963690][ T5080] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 53.977385][ T5080] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5080] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5079] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] mkdir("./bus", 000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... mkdir resumed>) = 0 [pid 5080] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5080] chdir("./bus") = 0 [pid 5079] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5079] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] mkdir("./bus", 000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... mkdir resumed>) = 0 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... mmap resumed>) = 0x7f729b476000 [pid 5079] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7f729b4969e0, 24 [pid 5079] <... clone resumed>, parent_tid=[5083], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5083 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5079] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] memfd_create("syzkaller", 0 [pid 5079] <... futex resumed>) = 0 [pid 5083] <... memfd_create resumed>) = 4 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 53.988925][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5083] munmap(0x7f7293076000, 2097152) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5083] ioctl(5, LOOP_CLR_FD) = 0 [pid 5083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5083] close(5) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5085] chdir("./3") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 54.096804][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5085] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5086 attached , parent_tid=[5086], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5086 [pid 5086] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5086] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5085] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5086] munmap(0x7f729b397000, 1048576) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 54.179502][ T5086] loop0: detected capacity change from 0 to 2048 [ 54.189699][ T5086] EXT4-fs: Ignoring removed i_version option [ 54.202261][ T5086] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 54.216206][ T5086] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5086] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] mkdir("./bus", 000) = 0 [pid 5086] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] chdir("./bus") = 0 [pid 5086] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] mkdir("./bus", 000 [pid 5085] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5085] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5089 attached , parent_tid=[5089], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5089 [pid 5089] set_robust_list(0x7f729b4969e0, 24 [pid 5085] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5089] memfd_create("syzkaller", 0) = 4 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5089] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [ 54.227145][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5089] munmap(0x7f7293076000, 2097152) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5089] ioctl(5, LOOP_CLR_FD) = 0 [pid 5089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5089] close(5) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5090] chdir("./4") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5090] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached , parent_tid=[5091], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5091 [ 54.319783][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5091] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5091] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5090] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f729b397000, 1048576) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [ 54.410144][ T5091] loop0: detected capacity change from 0 to 2048 [ 54.419656][ T5091] EXT4-fs: Ignoring removed i_version option [ 54.432488][ T5091] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 54.446694][ T5091] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5091] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] mkdir("./bus", 000 [pid 5090] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... mkdir resumed>) = 0 [pid 5091] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] chdir("./bus" [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... chdir resumed>) = 0 [pid 5091] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5090] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5094 attached , parent_tid=[5094], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5094 [pid 5094] set_robust_list(0x7f729b4969e0, 24 [pid 5090] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5094] memfd_create("syzkaller", 0) = 4 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5091] mkdir("./bus", 000) = 0 [pid 5091] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [ 54.457687][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f7293076000, 2097152) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5094] ioctl(5, LOOP_CLR_FD) = 0 [pid 5094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5094] close(5) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5095] chdir("./5") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [ 54.565285][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5095] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5096] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... clone resumed>, parent_tid=[5096], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5096 [pid 5095] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5095] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5096] munmap(0x7f729b397000, 1048576) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [ 54.644944][ T5096] loop0: detected capacity change from 0 to 2048 [ 54.655518][ T5096] EXT4-fs: Ignoring removed i_version option [ 54.672848][ T5096] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5096] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] mkdir("./bus", 000 [pid 5095] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... mkdir resumed>) = 0 [pid 5096] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] chdir("./bus" [pid 5095] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... chdir resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] mkdir("./bus", 000 [pid 5095] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... mkdir resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5095] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5099 [pid 5095] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 4 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 54.686910][ T5096] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 54.697579][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5099] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5099] munmap(0x7f7293076000, 2097152) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5099] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5099] ioctl(5, LOOP_CLR_FD) = 0 [pid 5099] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5099] close(5) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5099] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5100] chdir("./6") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5100] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5101 attached [ 54.800233][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5101] set_robust_list(0x7f72a37b79e0, 24 [pid 5100] <... clone resumed>, parent_tid=[5101], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5101 [pid 5100] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] <... memfd_create resumed>) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5101] munmap(0x7f729b397000, 1048576) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 54.891485][ T5101] loop0: detected capacity change from 0 to 2048 [ 54.899935][ T5101] EXT4-fs: Ignoring removed i_version option [ 54.912531][ T5101] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 54.927120][ T5101] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5101] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5101] mkdir("./bus", 000) = 0 [pid 5101] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] chdir("./bus") = 0 [pid 5101] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5100] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f729b4969e0, 24 [pid 5100] <... clone resumed>, parent_tid=[5104], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5104 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5100] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] memfd_create("syzkaller", 0) = 4 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5101] mkdir("./bus", 000) = 0 [pid 5101] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [ 54.937733][ T5101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5104] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2098679) = 2098679 [pid 5104] munmap(0x7f7293076000, 2098679) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5104] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5104] ioctl(5, LOOP_CLR_FD) = 0 [pid 5104] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5104] close(5) = 0 [pid 5104] close(4) = 0 [pid 5104] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] exit_group(0) = ? [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5105] chdir("./7") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5105] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5106 [pid 5105] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 55.067897][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f729b397000, 1048576) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [ 55.137994][ T5106] loop0: detected capacity change from 0 to 2048 [ 55.157296][ T5106] EXT4-fs: Ignoring removed i_version option [ 55.172272][ T5106] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5106] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] mkdir("./bus", 000) = 0 [pid 5106] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] chdir("./bus") = 0 [pid 5106] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5105] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5109 [pid 5105] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5106] mkdir("./bus", 000) = 0 ./strace-static-x86_64: Process 5109 attached [pid 5106] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5109] memfd_create("syzkaller", 0) = 4 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 55.186768][ T5106] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 55.198624][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5109] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5109] munmap(0x7f7293076000, 2097152) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5109] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5109] ioctl(5, LOOP_CLR_FD) = 0 [pid 5109] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5109] close(5) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5110] chdir("./8") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5110] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5111], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5111 [pid 5110] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 55.297112][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5111] munmap(0x7f729b397000, 1048576) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file0", 0777) = 0 [ 55.362033][ T5111] loop0: detected capacity change from 0 to 2048 [ 55.372814][ T5111] EXT4-fs: Ignoring removed i_version option [ 55.393616][ T5111] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5111] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file0") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] mkdir("./bus", 000) = 0 [pid 5111] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] chdir("./bus" [pid 5110] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... chdir resumed>) = 0 [pid 5111] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] mkdir("./bus", 000 [pid 5110] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] <... mkdir resumed>) = 0 [pid 5110] <... mmap resumed>) = 0x7f729b476000 [pid 5111] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5111] <... futex resumed>) = 0 [pid 5110] <... mprotect resumed>) = 0 [pid 5111] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5114 [pid 5110] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 4 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 55.407855][ T5111] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 55.419658][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5114] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f7293076000, 2097152) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5114] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5114] ioctl(5, LOOP_CLR_FD) = 0 [pid 5114] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5114] close(5) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5115] chdir("./9") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [ 55.526093][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5115] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5116] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... clone resumed>, parent_tid=[5116], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5116 [pid 5115] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5116] munmap(0x7f729b397000, 1048576) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [ 55.603969][ T5116] loop0: detected capacity change from 0 to 2048 [ 55.613144][ T5116] EXT4-fs: Ignoring removed i_version option [ 55.632402][ T5116] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5116] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 1 [pid 5116] mkdir("./bus", 000) = 0 [pid 5116] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] chdir("./bus" [pid 5115] <... futex resumed>) = 0 [pid 5116] <... chdir resumed>) = 0 [pid 5115] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] mkdir("./bus", 000 [pid 5115] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... mkdir resumed>) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5115] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x7f729b4969e0, 24 [pid 5115] <... clone resumed>, parent_tid=[5119], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5119 [pid 5119] <... set_robust_list resumed>) = 0 [pid 5115] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] memfd_create("syzkaller", 0 [pid 5115] <... futex resumed>) = 0 [pid 5119] <... memfd_create resumed>) = 4 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 55.646285][ T5116] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 55.657114][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5119] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5119] munmap(0x7f7293076000, 2097152) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5119] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5119] ioctl(5, LOOP_CLR_FD) = 0 [pid 5119] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5119] close(5) = 0 [pid 5119] close(4) = 0 [pid 5119] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] exit_group(0 [pid 5119] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5120] chdir("./10") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5120] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5121 attached , parent_tid=[5121], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5121 [pid 5120] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 55.753218][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5121] munmap(0x7f729b397000, 1048576) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./file0", 0777) = 0 [ 55.810301][ T5121] loop0: detected capacity change from 0 to 2048 [ 55.820965][ T5121] EXT4-fs: Ignoring removed i_version option [ 55.832363][ T5121] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 55.846684][ T5121] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5121] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file0") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] mkdir("./bus", 000) = 0 [pid 5121] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] chdir("./bus") = 0 [pid 5121] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5121] mkdir("./bus", 000 [pid 5120] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] <... mkdir resumed>) = 0 [pid 5120] <... mmap resumed>) = 0x7f729b476000 [pid 5121] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5121] <... futex resumed>) = 0 [pid 5120] <... mprotect resumed>) = 0 [pid 5121] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x7f729b4969e0, 24 [pid 5120] <... clone resumed>, parent_tid=[5124], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5124 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5120] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] memfd_create("syzkaller", 0 [pid 5120] <... futex resumed>) = 0 [pid 5124] <... memfd_create resumed>) = 4 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5124] munmap(0x7f7293076000, 2097152) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5124] ioctl(5, LOOP_CLR_FD) = 0 [ 55.857641][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5124] close(5) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0 [pid 5121] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5124] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5125] chdir("./11") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [ 55.957012][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5125] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5126 attached , parent_tid=[5126], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5126 [pid 5125] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5126] munmap(0x7f729b397000, 1048576) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 56.039090][ T5126] loop0: detected capacity change from 0 to 2048 [ 56.048330][ T5126] EXT4-fs: Ignoring removed i_version option [ 56.072258][ T5126] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5126] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] mkdir("./bus", 000 [pid 5125] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... mkdir resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] chdir("./bus" [pid 5125] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... chdir resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] mkdir("./bus", 000 [pid 5125] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... mkdir resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5125] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5129 attached , parent_tid=[5129], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5129 [pid 5125] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5129] memfd_create("syzkaller", 0) = 4 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 56.086025][ T5126] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 56.097616][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5129] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5129] munmap(0x7f7293076000, 2097152) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5129] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5129] ioctl(5, LOOP_CLR_FD) = 0 [pid 5129] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5129] close(5) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5129] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5130] chdir("./12") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [ 56.198128][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5130] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5130] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5131], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5131 [pid 5130] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5131] munmap(0x7f729b397000, 1048576) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file0", 0777) = 0 [ 56.278281][ T5131] loop0: detected capacity change from 0 to 2048 [ 56.288637][ T5131] EXT4-fs: Ignoring removed i_version option [ 56.302712][ T5131] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 56.316742][ T5131] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5131] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file0") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] <... futex resumed>) = 0 [pid 5131] mkdir("./bus", 000 [pid 5130] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... mkdir resumed>) = 0 [pid 5131] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] chdir("./bus" [pid 5130] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... chdir resumed>) = 0 [pid 5131] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] mkdir("./bus", 000 [pid 5130] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... mkdir resumed>) = 0 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5130] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7f729b4969e0, 24 [pid 5130] <... clone resumed>, parent_tid=[5134], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5134 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5130] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] memfd_create("syzkaller", 0 [pid 5130] <... futex resumed>) = 0 [pid 5134] <... memfd_create resumed>) = 4 [ 56.327619][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5134] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5134] munmap(0x7f7293076000, 2097152) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5134] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5134] ioctl(5, LOOP_CLR_FD) = 0 [pid 5134] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5134] close(5) = 0 [pid 5134] close(4) = 0 [pid 5134] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] exit_group(0 [pid 5131] <... futex resumed>) = ? [pid 5130] <... exit_group resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x555555ae15d0) = 5135 [pid 5135] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5135] chdir("./13") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5135] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5136 [pid 5135] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [ 56.443701][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5136] munmap(0x7f729b397000, 1048576) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./file0", 0777) = 0 [ 56.517274][ T5136] loop0: detected capacity change from 0 to 2048 [ 56.527841][ T5136] EXT4-fs: Ignoring removed i_version option [ 56.542841][ T5136] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5136] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file0") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] <... futex resumed>) = 0 [pid 5136] mkdir("./bus", 000 [pid 5135] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... mkdir resumed>) = 0 [pid 5136] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5135] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] chdir("./bus") = 0 [pid 5136] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] mkdir("./bus", 000 [pid 5135] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... mkdir resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5136] memfd_create("syzkaller", 0) = 4 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293097000 [ 56.559689][ T5136] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 56.571870][ T5136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5136] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5136] munmap(0x7f7293097000, 2097152) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5136] ioctl(5, LOOP_CLR_FD) = 0 [pid 5136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5136] close(5) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0 [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5139] chdir("./14") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555555ae15d0) = 5139 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [ 56.687179][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5139] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5140], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5140 [pid 5139] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5140] munmap(0x7f729b397000, 1048576) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./file0", 0777) = 0 [ 56.768342][ T5140] loop0: detected capacity change from 0 to 2048 [ 56.777907][ T5140] EXT4-fs: Ignoring removed i_version option [ 56.802262][ T5140] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5140] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file0") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] mkdir("./bus", 000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... mkdir resumed>) = 0 [pid 5140] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] chdir("./bus" [pid 5139] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... chdir resumed>) = 0 [pid 5140] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] mkdir("./bus", 000 [pid 5139] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5140] <... mkdir resumed>) = 0 [pid 5139] <... mmap resumed>) = 0x7f729b476000 [pid 5140] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... mprotect resumed>) = 0 [pid 5139] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5143 attached , parent_tid=[5143], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5143 [pid 5143] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5143] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] memfd_create("syzkaller", 0) = 4 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 56.817939][ T5140] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 56.828868][ T5140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5143] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5143] munmap(0x7f7293076000, 2097152) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5143] ioctl(5, LOOP_CLR_FD) = 0 [pid 5143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5143] close(5) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... exit_group resumed>) = ? [pid 5143] <... futex resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5144] chdir("./15") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.950882][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5144] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5145] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] memfd_create("syzkaller", 0 [pid 5144] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... memfd_create resumed>) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5145] munmap(0x7f729b397000, 1048576) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 57.030361][ T5145] loop0: detected capacity change from 0 to 2048 [ 57.049472][ T5145] EXT4-fs: Ignoring removed i_version option [ 57.062852][ T5145] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5145] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] mkdir("./bus", 000) = 0 [pid 5145] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] chdir("./bus") = 0 [pid 5145] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5145] mkdir("./bus", 000 [pid 5144] <... mmap resumed>) = 0x7f729b476000 [pid 5144] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5148 attached [pid 5145] <... mkdir resumed>) = 0 [pid 5144] <... clone resumed>, parent_tid=[5148], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5148 [pid 5144] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] set_robust_list(0x7f729b4969e0, 24 [pid 5145] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... set_robust_list resumed>) = 0 [pid 5148] memfd_create("syzkaller", 0) = 4 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 57.077335][ T5145] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 57.088228][ T5145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5148] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5148] munmap(0x7f7293076000, 2097152) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5148] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5148] ioctl(5, LOOP_CLR_FD) = 0 [pid 5148] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5148] close(5) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5148] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5149] chdir("./16") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5149] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5150 attached , parent_tid=[5150], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5150 [pid 5150] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5150] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [ 57.197730][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5149] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5150] munmap(0x7f729b397000, 1048576) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [ 57.273329][ T5150] loop0: detected capacity change from 0 to 2048 [ 57.285343][ T5150] EXT4-fs: Ignoring removed i_version option [ 57.303578][ T5150] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5150] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] mkdir("./bus", 000) = 0 [pid 5150] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] chdir("./bus") = 0 [pid 5150] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5149] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5153 [pid 5149] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5153 attached [pid 5150] mkdir("./bus", 000 [pid 5149] <... futex resumed>) = 0 [pid 5153] set_robust_list(0x7f729b4969e0, 24 [pid 5150] <... mkdir resumed>) = 0 [pid 5153] <... set_robust_list resumed>) = 0 [pid 5150] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] memfd_create("syzkaller", 0) = 4 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 57.317495][ T5150] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 57.328166][ T5150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5153] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5153] munmap(0x7f7293076000, 2097152) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5153] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5153] ioctl(5, LOOP_CLR_FD) = 0 [pid 5153] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5153] close(5) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] exit_group(0) = ? [pid 5150] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5154] chdir("./17") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [ 57.443032][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5154] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5155] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... clone resumed>, parent_tid=[5155], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5155 [pid 5154] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... memfd_create resumed>) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5155] munmap(0x7f729b397000, 1048576) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file0", 0777) = 0 [ 57.523169][ T5155] loop0: detected capacity change from 0 to 2048 [ 57.533438][ T5155] EXT4-fs: Ignoring removed i_version option [ 57.553116][ T5155] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5155] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file0") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5155] mkdir("./bus", 000 [pid 5154] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... mkdir resumed>) = 0 [pid 5155] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] chdir("./bus" [pid 5154] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... chdir resumed>) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5154] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5158], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5154] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] set_robust_list(0x7f729b4969e0, 24 [pid 5154] <... futex resumed>) = 0 [pid 5158] <... set_robust_list resumed>) = 0 [pid 5158] memfd_create("syzkaller", 0 [pid 5155] mkdir("./bus", 000 [pid 5158] <... memfd_create resumed>) = 4 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5155] <... mkdir resumed>) = 0 [pid 5158] <... mmap resumed>) = 0x7f7293076000 [pid 5155] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.568504][ T5155] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 57.582137][ T5155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5155] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2098679) = 2098679 [pid 5158] munmap(0x7f7293076000, 2098679) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5158] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5158] ioctl(5, LOOP_CLR_FD) = 0 [pid 5158] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5158] close(5) = 0 [pid 5158] close(4) = 0 [pid 5158] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] exit_group(0) = ? [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5158] <... futex resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x555555ae15d0) = 5159 [pid 5159] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5159] chdir("./18") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [ 57.688773][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5159] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5160 attached , parent_tid=[5160], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5160 [pid 5160] set_robust_list(0x7f72a37b79e0, 24 [pid 5159] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] <... set_robust_list resumed>) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5160] munmap(0x7f729b397000, 1048576) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file0", 0777) = 0 [ 57.775825][ T5160] loop0: detected capacity change from 0 to 2048 [ 57.787154][ T5160] EXT4-fs: Ignoring removed i_version option [ 57.802860][ T5160] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 57.816929][ T5160] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5160] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file0") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] mkdir("./bus", 000) = 0 [pid 5160] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] chdir("./bus") = 0 [pid 5160] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5159] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5163 attached , parent_tid=[5163], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5163 [pid 5159] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5160] mkdir("./bus", 000) = 0 [pid 5163] set_robust_list(0x7f729b4969e0, 24 [pid 5160] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... set_robust_list resumed>) = 0 [pid 5163] memfd_create("syzkaller", 0) = 4 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 57.827729][ T5160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5163] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5163] munmap(0x7f7293076000, 2097152) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5163] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5163] ioctl(5, LOOP_CLR_FD) = 0 [pid 5163] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5163] close(5) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5159] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5163] <... futex resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555555ae15d0) = 5164 [pid 5164] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5164] chdir("./19") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [ 57.927162][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5164] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5165 attached , parent_tid=[5165], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5165 [pid 5165] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5165] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5164] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5165] munmap(0x7f729b397000, 1048576) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file0", 0777) = 0 [ 58.020942][ T5165] loop0: detected capacity change from 0 to 2048 [ 58.036536][ T5165] EXT4-fs: Ignoring removed i_version option [ 58.052653][ T5165] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5165] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file0") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] mkdir("./bus", 000) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5164] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] chdir("./bus") = 0 [pid 5165] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5164] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached , parent_tid=[5168], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5168 [pid 5168] set_robust_list(0x7f729b4969e0, 24 [pid 5164] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5168] memfd_create("syzkaller", 0) = 4 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5165] mkdir("./bus", 000) = 0 [pid 5165] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [ 58.066527][ T5165] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 58.077309][ T5165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5168] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5168] munmap(0x7f7293076000, 2097152) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5168] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5168] ioctl(5, LOOP_CLR_FD) = 0 [pid 5168] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5168] close(5) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] exit_group(0) = ? [pid 5168] <... futex resumed>) = ? [pid 5165] <... futex resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5169] chdir("./20") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5169] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5170 [pid 5169] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5066] <... clone resumed>, child_tidptr=0x555555ae15d0) = 5169 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5170] munmap(0x7f729b397000, 1048576) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.183122][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file0", 0777) = 0 [ 58.243879][ T5170] loop0: detected capacity change from 0 to 2048 [ 58.252569][ T5170] EXT4-fs: Ignoring removed i_version option [ 58.262576][ T5170] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 58.276694][ T5170] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5170] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file0") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 1 [pid 5170] mkdir("./bus", 000) = 0 [pid 5170] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 1 [pid 5170] chdir("./bus") = 0 [pid 5170] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5169] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5173], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5173 [pid 5169] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5170] mkdir("./bus", 000) = 0 [pid 5170] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5173] memfd_create("syzkaller", 0) = 4 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5173] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5173] munmap(0x7f7293076000, 2097152) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 58.287403][ T5170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5173] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5173] ioctl(5, LOOP_CLR_FD) = 0 [pid 5173] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5173] close(5) = 0 [pid 5173] close(4) = 0 [pid 5173] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] exit_group(0 [pid 5170] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5173] <... futex resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5174] chdir("./21") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5174] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5175], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5175 [pid 5174] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 58.397264][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5175] munmap(0x7f729b397000, 1048576) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file0", 0777) = 0 [ 58.470049][ T5175] loop0: detected capacity change from 0 to 2048 [ 58.482087][ T5175] EXT4-fs: Ignoring removed i_version option [ 58.493224][ T5175] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 58.507310][ T5175] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5175] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file0") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] mkdir("./bus", 000 [pid 5174] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... mkdir resumed>) = 0 [pid 5175] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... futex resumed>) = 1 [pid 5175] chdir("./bus") = 0 [pid 5175] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5174] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5178 attached , parent_tid=[5178], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5178 [pid 5174] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5178] set_robust_list(0x7f729b4969e0, 24 [pid 5175] mkdir("./bus", 000 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5175] <... mkdir resumed>) = 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5175] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] <... memfd_create resumed>) = 4 [pid 5175] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 58.518211][ T5175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5178] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5178] munmap(0x7f7293076000, 2097152) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5178] ioctl(5, LOOP_CLR_FD) = 0 [pid 5178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5178] close(5) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] exit_group(0) = ? [pid 5175] <... futex resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5179 ./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5179] chdir("./22") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5179] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5180 attached , parent_tid=[5180], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5180 [pid 5180] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5180] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [ 58.635972][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5180] memfd_create("syzkaller", 0 [pid 5179] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] <... memfd_create resumed>) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5180] munmap(0x7f729b397000, 1048576) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file0", 0777) = 0 [ 58.717449][ T5180] loop0: detected capacity change from 0 to 2048 [ 58.726599][ T5180] EXT4-fs: Ignoring removed i_version option [ 58.742493][ T5180] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 58.756229][ T5180] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5180] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file0") = 0 [pid 5180] ioctl(4, LOOP_CLR_FD) = 0 [pid 5180] close(4) = 0 [pid 5180] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] mkdir("./bus", 000 [pid 5179] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... mkdir resumed>) = 0 [pid 5180] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] chdir("./bus" [pid 5179] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... chdir resumed>) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] mkdir("./bus", 000 [pid 5179] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... mkdir resumed>) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5179] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5183], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5183 [pid 5179] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5183] memfd_create("syzkaller", 0) = 4 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 58.766998][ T5180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5183] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5183] munmap(0x7f7293076000, 2097152) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5183] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5183] ioctl(5, LOOP_CLR_FD) = 0 [pid 5183] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5183] close(5) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] exit_group(0 [pid 5180] <... futex resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5183] <... futex resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5184] chdir("./23") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.876356][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5184] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5185 [pid 5184] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5185] munmap(0x7f729b397000, 1048576) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file0", 0777) = 0 [ 58.957312][ T5185] loop0: detected capacity change from 0 to 2048 [ 58.967572][ T5185] EXT4-fs: Ignoring removed i_version option [ 58.991998][ T5185] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5185] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./file0") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] mkdir("./bus", 000) = 0 [pid 5185] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] chdir("./bus" [pid 5184] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... chdir resumed>) = 0 [pid 5185] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] mkdir("./bus", 000 [pid 5184] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] <... mkdir resumed>) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5185] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... mmap resumed>) = 0x7f729b476000 [pid 5185] <... futex resumed>) = 0 [pid 5184] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5185] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... mprotect resumed>) = 0 [pid 5184] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7f729b4969e0, 24 [pid 5184] <... clone resumed>, parent_tid=[5188], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5188 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5184] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] memfd_create("syzkaller", 0 [pid 5184] <... futex resumed>) = 0 [pid 5188] <... memfd_create resumed>) = 4 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 59.005678][ T5185] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 59.016311][ T5185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5188] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5188] munmap(0x7f7293076000, 2097152) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5188] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5188] ioctl(5, LOOP_CLR_FD) = 0 [pid 5188] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5188] close(5) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5184] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5188] <... futex resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x555555ae15d0) = 5189 [pid 5189] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5189] chdir("./24") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5189] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [ 59.111914][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5189] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5190 attached , parent_tid=[5190], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5190 [pid 5190] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5190] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] <... mmap resumed>) = 0x7f729b397000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5190] munmap(0x7f729b397000, 1048576) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [ 59.189409][ T5190] loop0: detected capacity change from 0 to 2048 [ 59.198146][ T5190] EXT4-fs: Ignoring removed i_version option [ 59.212526][ T5190] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 59.226502][ T5190] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5190] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file0") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... futex resumed>) = 1 [pid 5190] mkdir("./bus", 000) = 0 [pid 5190] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... futex resumed>) = 1 [pid 5190] chdir("./bus") = 0 [pid 5190] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5189] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5193 [pid 5189] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5190] mkdir("./bus", 000) = 0 [pid 5190] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5193] memfd_create("syzkaller", 0) = 4 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5193] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5193] munmap(0x7f7293076000, 2097152) = 0 [ 59.237339][ T5190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5193] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5193] ioctl(5, LOOP_CLR_FD) = 0 [pid 5193] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5193] close(5) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] exit_group(0) = ? [pid 5190] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5194] chdir("./25") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [ 59.334717][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5194] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7f72a37b79e0, 24 [pid 5194] <... clone resumed>, parent_tid=[5195], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5195 [pid 5195] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5195] munmap(0x7f729b397000, 1048576) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [ 59.418179][ T5195] loop0: detected capacity change from 0 to 2048 [ 59.427338][ T5195] EXT4-fs: Ignoring removed i_version option [ 59.442733][ T5195] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 59.457212][ T5195] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5195] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file0") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] mkdir("./bus", 000 [pid 5194] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... mkdir resumed>) = 0 [pid 5195] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5194] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] chdir("./bus" [pid 5194] <... futex resumed>) = 0 [pid 5195] <... chdir resumed>) = 0 [pid 5194] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] mkdir("./bus", 000 [pid 5194] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... mkdir resumed>) = 0 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5194] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5198], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5198 [pid 5194] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5198] memfd_create("syzkaller", 0) = 4 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 59.468667][ T5195] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5198] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5198] munmap(0x7f7293076000, 2097152) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5198] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5198] ioctl(5, LOOP_CLR_FD) = 0 [pid 5198] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5198] close(5) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5195] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5198] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5199] chdir("./26") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5199] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5200 [pid 5199] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 59.572123][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5200] munmap(0x7f729b397000, 1048576) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file0", 0777) = 0 [ 59.642792][ T5200] loop0: detected capacity change from 0 to 2048 [ 59.656356][ T5200] EXT4-fs: Ignoring removed i_version option [ 59.672783][ T5200] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5200] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file0") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... futex resumed>) = 0 [pid 5200] mkdir("./bus", 000 [pid 5199] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... mkdir resumed>) = 0 [pid 5200] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] chdir("./bus") = 0 [pid 5200] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... mmap resumed>) = 0x7f729b476000 [pid 5199] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5200] mkdir("./bus", 000 [pid 5199] <... mprotect resumed>) = 0 [pid 5199] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5203], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5203 [pid 5199] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] <... mkdir resumed>) = 0 [pid 5200] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5203 attached ) = 0 [pid 5200] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5203] memfd_create("syzkaller", 0) = 4 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 59.686570][ T5200] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 59.699926][ T5200] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5203] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5203] munmap(0x7f7293076000, 2097152) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5203] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5203] ioctl(5, LOOP_CLR_FD) = 0 [pid 5203] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5203] close(5) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] exit_group(0 [pid 5203] <... futex resumed>) = ? [pid 5200] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5204] chdir("./27") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [ 59.802367][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5204] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5205 attached , parent_tid=[5205], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5205 [pid 5205] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5205] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] memfd_create("syzkaller", 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] <... memfd_create resumed>) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5204] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5205] munmap(0x7f729b397000, 1048576) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file0", 0777) = 0 [ 59.896680][ T5205] loop0: detected capacity change from 0 to 2048 [ 59.907407][ T5205] EXT4-fs: Ignoring removed i_version option [ 59.932343][ T5205] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5205] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file0") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] mkdir("./bus", 000 [pid 5204] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... mkdir resumed>) = 0 [pid 5205] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] chdir("./bus" [pid 5204] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... chdir resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] mkdir("./bus", 000 [pid 5204] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... mkdir resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5204] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5208], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5208 [pid 5204] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5208] memfd_create("syzkaller", 0) = 4 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 59.946161][ T5205] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 59.957006][ T5205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5208] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5208] munmap(0x7f7293076000, 2097152) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5208] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5208] ioctl(5, LOOP_CLR_FD) = 0 [pid 5208] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5208] close(5) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5205] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5208] <... futex resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5209] chdir("./28") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5209] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5210 [pid 5209] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 60.058929][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5210] munmap(0x7f729b397000, 1048576) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [ 60.129522][ T5210] loop0: detected capacity change from 0 to 2048 [ 60.138390][ T5210] EXT4-fs: Ignoring removed i_version option [ 60.152379][ T5210] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 60.166440][ T5210] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5210] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] mkdir("./bus", 000) = 0 [pid 5210] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] chdir("./bus") = 0 [pid 5210] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5209] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5213], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5213 [pid 5209] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5210] mkdir("./bus", 000) = 0 [pid 5210] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5213] memfd_create("syzkaller", 0) = 4 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5213] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5213] munmap(0x7f7293076000, 2097152) = 0 [ 60.178512][ T5210] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5213] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5213] ioctl(5, LOOP_CLR_FD) = 0 [pid 5213] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5213] close(5) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5214] chdir("./29") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5214] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5215], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5215 [pid 5214] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555555ae15d0) = 5214 [pid 5214] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [ 60.280399][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5215] munmap(0x7f729b397000, 1048576) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file0", 0777) = 0 [ 60.347756][ T5215] loop0: detected capacity change from 0 to 2048 [ 60.358881][ T5215] EXT4-fs: Ignoring removed i_version option [ 60.373555][ T5215] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 60.388300][ T5215] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5215] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file0") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] mkdir("./bus", 000 [pid 5214] <... futex resumed>) = 0 [pid 5215] <... mkdir resumed>) = 0 [pid 5215] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] chdir("./bus" [pid 5214] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... chdir resumed>) = 0 [pid 5215] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5214] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5218], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5218 [pid 5214] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5215] mkdir("./bus", 000) = 0 [pid 5215] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5218] memfd_create("syzkaller", 0) = 4 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 60.399749][ T5215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5218] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5218] munmap(0x7f7293076000, 2097152) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5218] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5218] ioctl(5, LOOP_CLR_FD) = 0 [pid 5218] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5218] close(5) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5215] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5218] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5219] chdir("./30") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5219] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5220], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5220 [pid 5219] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5220] munmap(0x7f729b397000, 1048576) = 0 [ 60.515753][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file0", 0777) = 0 [ 60.572414][ T5220] loop0: detected capacity change from 0 to 2048 [ 60.581553][ T5220] EXT4-fs: Ignoring removed i_version option [ 60.592739][ T5220] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 60.606726][ T5220] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5220] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file0") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] mkdir("./bus", 000) = 0 [pid 5220] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] chdir("./bus") = 0 [pid 5220] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5219] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5223], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5223 [pid 5219] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5220] mkdir("./bus", 000) = 0 [pid 5220] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5223] memfd_create("syzkaller", 0) = 4 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5223] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [ 60.617412][ T5220] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5223] munmap(0x7f7293076000, 2097152) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5223] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5223] ioctl(5, LOOP_CLR_FD) = 0 [pid 5223] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5223] close(5) = 0 [pid 5223] close(4) = 0 [pid 5223] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5219] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5223] <... futex resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5224] chdir("./31") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5224] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.719145][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5224] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5225 attached , parent_tid=[5225], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5225 [pid 5225] set_robust_list(0x7f72a37b79e0, 24 [pid 5224] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5225] munmap(0x7f729b397000, 1048576) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] mkdir("./file0", 0777) = 0 [ 60.798859][ T5225] loop0: detected capacity change from 0 to 2048 [ 60.809613][ T5225] EXT4-fs: Ignoring removed i_version option [ 60.822516][ T5225] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 60.836371][ T5225] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5225] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file0") = 0 [pid 5225] ioctl(4, LOOP_CLR_FD) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] mkdir("./bus", 000) = 0 [pid 5225] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] chdir("./bus") = 0 [pid 5225] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] mkdir("./bus", 000 [pid 5224] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5224] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5225] <... mkdir resumed>) = 0 [pid 5225] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] <... mprotect resumed>) = 0 [pid 5225] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5228 attached , parent_tid=[5228], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5228 [pid 5224] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] set_robust_list(0x7f729b4969e0, 24 [pid 5224] <... futex resumed>) = 0 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5228] memfd_create("syzkaller", 0) = 4 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 60.847563][ T5225] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5228] munmap(0x7f7293076000, 2097152) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5228] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5228] ioctl(5, LOOP_CLR_FD) = 0 [pid 5228] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5228] close(5) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] exit_group(0 [pid 5225] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5228] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5229] chdir("./32") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5229] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached , parent_tid=[5230], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5230 [pid 5229] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5229] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [ 60.968575][ T5066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5230] munmap(0x7f729b397000, 1048576) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [ 61.043593][ T5230] loop0: detected capacity change from 0 to 2048 [ 61.053669][ T5230] EXT4-fs: Ignoring removed i_version option [ 61.073247][ T5230] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5230] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] mkdir("./bus", 000 [pid 5229] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... mkdir resumed>) = 0 [pid 5230] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] chdir("./bus") = 0 [pid 5230] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5229] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5230] mkdir("./bus", 000 [pid 5229] <... mprotect resumed>) = 0 [pid 5230] <... mkdir resumed>) = 0 [pid 5229] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5230] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... clone resumed>, parent_tid=[5233], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5229] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] set_robust_list(0x7f729b4969e0, 24 [pid 5229] <... futex resumed>) = 0 [pid 5233] <... set_robust_list resumed>) = 0 [pid 5233] memfd_create("syzkaller", 0) = 4 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 61.088784][ T5230] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5233] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5233] munmap(0x7f7293076000, 2097152) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5233] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5233] ioctl(5, LOOP_CLR_FD) = 0 [pid 5233] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5233] close(5) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5234 ./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5234] chdir("./33") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5234] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5235], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5235 [pid 5234] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5235] munmap(0x7f729b397000, 1048576) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] mkdir("./file0", 0777) = 0 [pid 5235] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./file0") = 0 [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [pid 5235] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] mkdir("./bus", 000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... mkdir resumed>) = 0 [pid 5235] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] chdir("./bus") = 0 [pid 5235] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] mkdir("./bus", 000 [pid 5234] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... mkdir resumed>) = 0 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5235] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] <... mmap resumed>) = 0x7f729b476000 [pid 5235] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5239 attached , parent_tid=[5239], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5239 [pid 5234] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5239] memfd_create("syzkaller", 0) = 4 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 61.249834][ T5235] loop0: detected capacity change from 0 to 2048 [ 61.261458][ T5235] EXT4-fs: Ignoring removed i_version option [ 61.272361][ T5235] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 61.286510][ T5235] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5239] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5239] munmap(0x7f7293076000, 2097152) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5239] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5239] ioctl(5, LOOP_CLR_FD) = 0 [pid 5239] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5239] close(5) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] exit_group(0 [pid 5235] <... futex resumed>) = ? [pid 5234] <... exit_group resumed>) = ? [pid 5235] +++ exited with 0 +++ [pid 5239] <... futex resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5240 ./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5240] chdir("./34") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5240] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5241], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5241 [pid 5240] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5241] munmap(0x7f729b397000, 1048576) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] mkdir("./file0", 0777) = 0 [ 61.450268][ T5241] loop0: detected capacity change from 0 to 2048 [ 61.472029][ T5241] EXT4-fs: Ignoring removed i_version option [ 61.482678][ T5241] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5241] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file0") = 0 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] mkdir("./bus", 000 [pid 5240] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... mkdir resumed>) = 0 [pid 5241] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] chdir("./bus") = 0 [pid 5241] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5240] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5244 attached , parent_tid=[5244], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5244 [pid 5240] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] set_robust_list(0x7f729b4969e0, 24 [pid 5240] <... futex resumed>) = 0 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5244] memfd_create("syzkaller", 0) = 4 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 61.496193][ T5241] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5244] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5241] mkdir("./bus", 000) = 0 [pid 5241] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... write resumed>) = 2097152 [pid 5244] munmap(0x7f7293076000, 2097152) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5244] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5244] ioctl(5, LOOP_CLR_FD) = 0 [pid 5244] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5244] close(5) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] exit_group(0) = ? [pid 5241] <... futex resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5245] chdir("./35") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5245] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5246 attached , parent_tid=[5246], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5246 [pid 5246] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5246] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] memfd_create("syzkaller", 0 [pid 5245] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] <... memfd_create resumed>) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5246] munmap(0x7f729b397000, 1048576) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file0") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] mkdir("./bus", 000 [pid 5245] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... mkdir resumed>) = 0 [pid 5246] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] chdir("./bus") = 0 [pid 5246] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] mkdir("./bus", 000 [pid 5245] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5246] <... mkdir resumed>) = 0 [pid 5245] <... mmap resumed>) = 0x7f729b476000 [pid 5246] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5246] <... futex resumed>) = 0 [pid 5245] <... mprotect resumed>) = 0 [pid 5246] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5249 attached , parent_tid=[5249], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5249 [pid 5245] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5249] memfd_create("syzkaller", 0) = 4 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 61.646386][ T5246] loop0: detected capacity change from 0 to 2048 [ 61.655920][ T5246] EXT4-fs: Ignoring removed i_version option [ 61.672774][ T5246] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 61.686773][ T5246] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5249] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5249] munmap(0x7f7293076000, 2097152) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5249] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] ioctl(5, LOOP_CLR_FD) = 0 [pid 5249] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] close(5) = 0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5249] <... futex resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5250] chdir("./36") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5250] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5251 attached , parent_tid=[5251], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5251 [pid 5251] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5251] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5250] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5251] munmap(0x7f729b397000, 1048576) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file0", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file0") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5251] mkdir("./bus", 000) = 0 [pid 5251] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] chdir("./bus") = 0 [pid 5251] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5250] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5254 attached , parent_tid=[5254], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5254 [pid 5254] set_robust_list(0x7f729b4969e0, 24 [pid 5250] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5254] memfd_create("syzkaller", 0 [pid 5250] <... futex resumed>) = 0 [pid 5254] <... memfd_create resumed>) = 4 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5251] mkdir("./bus", 000) = 0 [pid 5251] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.867393][ T5251] loop0: detected capacity change from 0 to 2048 [ 61.877186][ T5251] EXT4-fs: Ignoring removed i_version option [ 61.892307][ T5251] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 61.905879][ T5251] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5251] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5254] munmap(0x7f7293076000, 2097152) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5254] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5254] ioctl(5, LOOP_CLR_FD) = 0 [pid 5254] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5254] close(5) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5254] <... futex resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5255] chdir("./37") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5255] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5256] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... clone resumed>, parent_tid=[5256], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5256 [pid 5255] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5255] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5256] munmap(0x7f729b397000, 1048576) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file0", 0777) = 0 [ 62.085193][ T5256] loop0: detected capacity change from 0 to 2048 [ 62.094069][ T5256] EXT4-fs: Ignoring removed i_version option [ 62.112499][ T5256] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5256] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file0") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] mkdir("./bus", 000) = 0 [pid 5256] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] chdir("./bus") = 0 [pid 5256] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5255] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5260 attached , parent_tid=[5260], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5260 [pid 5260] set_robust_list(0x7f729b4969e0, 24 [pid 5255] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5255] <... futex resumed>) = 0 [pid 5260] memfd_create("syzkaller", 0) = 4 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5256] <... futex resumed>) = 1 [pid 5256] mkdir("./bus", 000) = 0 [pid 5256] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.126220][ T5256] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5256] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5260] munmap(0x7f7293076000, 2097152) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5260] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5260] ioctl(5, LOOP_CLR_FD) = 0 [pid 5260] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5260] close(5) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] exit_group(0) = ? [pid 5260] <... futex resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5261 ./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5261] chdir("./38") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5261] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5262], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5262 [pid 5261] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5262] munmap(0x7f729b397000, 1048576) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] mkdir("./file0", 0777) = 0 [ 62.305201][ T5262] loop0: detected capacity change from 0 to 2048 [ 62.316043][ T5262] EXT4-fs: Ignoring removed i_version option [ 62.332600][ T5262] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5262] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file0") = 0 [pid 5262] ioctl(4, LOOP_CLR_FD) = 0 [pid 5262] close(4) = 0 [pid 5262] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] mkdir("./bus", 000 [pid 5261] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... mkdir resumed>) = 0 [pid 5262] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] chdir("./bus" [pid 5261] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... chdir resumed>) = 0 [pid 5262] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] mkdir("./bus", 000 [pid 5261] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5262] <... mkdir resumed>) = 0 [pid 5261] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5262] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... mprotect resumed>) = 0 [pid 5261] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5262] <... futex resumed>) = 0 [pid 5261] <... clone resumed>, parent_tid=[5265], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5265 [pid 5262] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5265] memfd_create("syzkaller", 0) = 4 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 62.350325][ T5262] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5265] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5265] munmap(0x7f7293076000, 2097152) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5265] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5265] ioctl(5, LOOP_CLR_FD) = 0 [pid 5265] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5265] close(5) = 0 [pid 5265] close(4) = 0 [pid 5265] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5266] chdir("./39") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5266] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5267], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5267 [pid 5266] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5267] munmap(0x7f729b397000, 1048576) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file0", 0777) = 0 [ 62.544600][ T5267] loop0: detected capacity change from 0 to 2048 [ 62.556160][ T5267] EXT4-fs: Ignoring removed i_version option [ 62.572826][ T5267] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5267] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file0") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] mkdir("./bus", 000 [pid 5266] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... mkdir resumed>) = 0 [pid 5267] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] chdir("./bus" [pid 5266] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... chdir resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] mkdir("./bus", 000 [pid 5266] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... mkdir resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5266] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5270 [pid 5266] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5270] memfd_create("syzkaller", 0) = 4 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 62.587096][ T5267] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5270] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5270] munmap(0x7f7293076000, 2097152) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5270] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5270] ioctl(5, LOOP_CLR_FD) = 0 [pid 5270] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5270] close(5) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5271] chdir("./40") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5271] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5272], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5272 [pid 5271] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5272] memfd_create("syzkaller", 0) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5272] munmap(0x7f729b397000, 1048576) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./file0", 0777) = 0 [ 62.769196][ T5272] loop0: detected capacity change from 0 to 2048 [ 62.779328][ T5272] EXT4-fs: Ignoring removed i_version option [ 62.802365][ T5272] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5272] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file0") = 0 [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] mkdir("./bus", 000) = 0 [pid 5272] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 1 [pid 5272] chdir("./bus") = 0 [pid 5272] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] mkdir("./bus", 000 [pid 5271] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] <... mkdir resumed>) = 0 [pid 5271] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5272] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] <... mmap resumed>) = 0x7f729b476000 [pid 5272] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5275], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5275 [pid 5271] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5275] memfd_create("syzkaller", 0) = 4 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 62.817056][ T5272] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5275] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5275] munmap(0x7f7293076000, 2097152) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5275] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5275] ioctl(5, LOOP_CLR_FD) = 0 [pid 5275] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5275] close(5) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5271] <... exit_group resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5275] <... futex resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5276 ./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5276] chdir("./41") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5276] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5277 attached , parent_tid=[5277], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5277 [pid 5277] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5277] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5276] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5277] munmap(0x7f729b397000, 1048576) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5277] close(3) = 0 [pid 5277] mkdir("./file0", 0777) = 0 [ 62.989318][ T5277] loop0: detected capacity change from 0 to 2048 [ 62.999745][ T5277] EXT4-fs: Ignoring removed i_version option [ 63.022681][ T5277] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5277] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./file0") = 0 [pid 5277] ioctl(4, LOOP_CLR_FD) = 0 [pid 5277] close(4) = 0 [pid 5277] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] mkdir("./bus", 000) = 0 [pid 5277] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] chdir("./bus") = 0 [pid 5277] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5276] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5280], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5276] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5280] memfd_create("syzkaller", 0) = 4 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5277] <... futex resumed>) = 1 [pid 5277] mkdir("./bus", 000) = 0 [pid 5277] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [ 63.036716][ T5277] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5280] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5280] munmap(0x7f7293076000, 2097152) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5280] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5280] ioctl(5, LOOP_CLR_FD) = 0 [pid 5280] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5280] close(5) = 0 [pid 5280] close(4) = 0 [pid 5280] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] exit_group(0) = ? [pid 5277] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5280] <... futex resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5281] chdir("./42") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5281] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5282 attached [pid 5282] set_robust_list(0x7f72a37b79e0, 24 [pid 5281] <... clone resumed>, parent_tid=[5282], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5282 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5282] munmap(0x7f729b397000, 1048576) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file0") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5281] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] mkdir("./bus", 000) = 0 [pid 5282] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] chdir("./bus") = 0 [pid 5282] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5281] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] mkdir("./bus", 000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... mkdir resumed>) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... mmap resumed>) = 0x7f729b476000 [pid 5281] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5285 attached , parent_tid=[5285], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5285 [pid 5285] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5285] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5285] memfd_create("syzkaller", 0) = 4 [ 63.202081][ T5282] loop0: detected capacity change from 0 to 2048 [ 63.212431][ T5282] EXT4-fs: Ignoring removed i_version option [ 63.222398][ T5282] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 63.236098][ T5282] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [pid 5285] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5285] munmap(0x7f7293076000, 2097152) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5285] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5285] ioctl(5, LOOP_CLR_FD) = 0 [pid 5285] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5285] close(5) = 0 [pid 5285] close(4) = 0 [pid 5285] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] exit_group(0 [pid 5285] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5281] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5285] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5286] chdir("./43") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5286] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5287], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5287 [pid 5286] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5287] munmap(0x7f729b397000, 1048576) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] mkdir("./file0", 0777) = 0 [ 63.415447][ T5287] loop0: detected capacity change from 0 to 2048 [ 63.426112][ T5287] EXT4-fs: Ignoring removed i_version option [ 63.442305][ T5287] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5287] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file0") = 0 [pid 5287] ioctl(4, LOOP_CLR_FD) = 0 [pid 5287] close(4) = 0 [pid 5287] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... futex resumed>) = 1 [pid 5287] mkdir("./bus", 000) = 0 [pid 5287] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... futex resumed>) = 1 [pid 5287] chdir("./bus") = 0 [pid 5287] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5286] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5290], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5290 [pid 5286] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5287] mkdir("./bus", 000) = 0 [pid 5287] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5290] memfd_create("syzkaller", 0) = 4 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 63.456695][ T5287] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5290] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5290] munmap(0x7f7293076000, 2097152) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5290] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5290] ioctl(5, LOOP_CLR_FD) = 0 [pid 5290] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5290] close(5) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] exit_group(0 [pid 5287] <... futex resumed>) = ? [pid 5286] <... exit_group resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5291 ./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5291] chdir("./44") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5291] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5291] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5292], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5291] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5292] set_robust_list(0x7f72a37b79e0, 24) = 0 [pid 5292] memfd_create("syzkaller", 0) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5292] munmap(0x7f729b397000, 1048576) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5292] close(3) = 0 [pid 5292] mkdir("./file0", 0777) = 0 [ 63.632631][ T5292] loop0: detected capacity change from 0 to 2048 [ 63.643335][ T5292] EXT4-fs: Ignoring removed i_version option [ 63.662540][ T5292] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [pid 5292] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file0") = 0 [pid 5292] ioctl(4, LOOP_CLR_FD) = 0 [pid 5292] close(4) = 0 [pid 5292] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] mkdir("./bus", 000) = 0 [pid 5292] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] chdir("./bus") = 0 [pid 5292] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] mkdir("./bus", 000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5292] <... mkdir resumed>) = 0 [pid 5292] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... mmap resumed>) = 0x7f729b476000 [pid 5292] <... futex resumed>) = 0 [pid 5291] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE [pid 5292] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... mprotect resumed>) = 0 [pid 5291] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5295 attached , parent_tid=[5295], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5295 [pid 5291] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5295] memfd_create("syzkaller", 0) = 4 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 63.676546][ T5292] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5295] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5295] munmap(0x7f7293076000, 2097152) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5295] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5295] ioctl(5, LOOP_CLR_FD) = 0 [pid 5295] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5295] close(5) = 0 [pid 5295] close(4) = 0 [pid 5295] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] exit_group(0 [pid 5295] ???( [pid 5291] <... exit_group resumed>) = ? [pid 5295] <... ??? resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5292] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ae2620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555aea660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555aea660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae15d0) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x555555ae15e0, 24) = 0 [pid 5296] chdir("./45") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72a3797000 [pid 5296] mprotect(0x7f72a3798000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f72a37b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached [pid 5297] set_robust_list(0x7f72a37b79e0, 24 [pid 5296] <... clone resumed>, parent_tid=[5297], tls=0x7f72a37b7700, child_tidptr=0x7f72a37b79d0) = 5297 [pid 5297] <... set_robust_list resumed>) = 0 [pid 5297] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5297] memfd_create("syzkaller", 0 [pid 5296] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] <... memfd_create resumed>) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f729b397000 [pid 5297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5297] munmap(0x7f729b397000, 1048576) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file0", 0777) = 0 [ 63.855213][ T5297] loop0: detected capacity change from 0 to 2048 [ 63.875716][ T5297] EXT4-fs: Ignoring removed i_version option [pid 5297] mount("/dev/loop0", "./file0", "ext4", MS_NODIRATIME, "usrquota,i_version,,errors=continue") = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file0") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f72a3891788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 0 [pid 5297] mkdir("./bus", 000) = 0 [pid 5297] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f72a389178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] chdir("./bus") = 0 [pid 5297] futex(0x7f72a389178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f72a3891788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f729b476000 [pid 5296] mprotect(0x7f729b477000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f729b4963f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5300 attached , parent_tid=[5300], tls=0x7f729b496700, child_tidptr=0x7f729b4969d0) = 5300 [pid 5296] futex(0x7f72a3891798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mkdir("./bus", 000 [pid 5300] set_robust_list(0x7f729b4969e0, 24) = 0 [pid 5300] memfd_create("syzkaller", 0) = 4 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7293076000 [ 63.892764][ T5297] EXT4-fs error (device loop0): __ext4_fill_super:5382: inode #2: comm syz-executor376: casefold flag without casefold feature [ 63.906650][ T5297] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5300] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5300] munmap(0x7f7293076000, 2097152) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5300] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5300] ioctl(5, LOOP_CLR_FD) = 0 [pid 5300] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5300] close(5) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f72a389179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f72a3891798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] exit_group(0 [pid 5300] <... futex resumed>) = ? [pid 5296] <... exit_group resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5066] kill(-5296, SIGKILL) = 0 [pid 5066] kill(5296, SIGKILL) = 0 [pid 5066] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5066] getdents64(3, 0x555555ae2620 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(3, 0x555555ae2620 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 76.332100][ T24] cfg80211: failed to load regulatory.db [ 286.250577][ T28] INFO: task syz-executor376:5297 blocked for more than 143 seconds. [ 286.258803][ T28] Not tainted 6.2.0-rc2-syzkaller-00313-g9b43a525db12 #0 [ 286.266616][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.275376][ T28] task:syz-executor376 state:D stack:21248 pid:5297 ppid:5066 flags:0x00004004 [ 286.284923][ T28] Call Trace: [ 286.288229][ T28] [ 286.291496][ T28] __schedule+0x995/0xe20 [ 286.295926][ T28] ? release_firmware_map_entry+0x180/0x180 [ 286.301955][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.307234][ T28] ? lockdep_hardirqs_on+0x8d/0x130 [ 286.312536][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 286.318444][ T28] ? _raw_spin_unlock+0x40/0x40 [ 286.323435][ T28] schedule+0xcb/0x190 [ 286.327696][ T28] io_schedule+0x83/0x100 [ 286.332210][ T28] bit_wait_io+0xe/0xc0 [ 286.336470][ T28] __wait_on_bit_lock+0xbb/0x1a0 [ 286.341715][ T28] ? bit_wait+0xc0/0xc0 [ 286.345887][ T28] out_of_line_wait_on_bit_lock+0x1c3/0x240 [ 286.351869][ T28] ? bit_wait+0xc0/0xc0 [ 286.356035][ T28] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 286.361281][ T28] ? bit_waitqueue+0x30/0x30 [ 286.365931][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.371211][ T28] __sync_dirty_buffer+0x107/0x330 [ 286.376400][ T28] __ext4_handle_dirty_metadata+0x29a/0x810 [ 286.382404][ T28] ext4_handle_dirty_dirblock+0x363/0x6b0 [ 286.388878][ T28] ? ext4_has_metadata_csum+0x1c0/0x1c0 [ 286.394645][ T28] ? memcpy+0x3c/0x60 [ 286.398676][ T28] ? ext4_init_dot_dotdot+0x31c/0x510 [ 286.404316][ T28] ? ext4_finish_convert_inline_dir+0xf2/0x700 [ 286.410540][ T28] ext4_finish_convert_inline_dir+0x58a/0x700 [ 286.416677][ T28] ext4_convert_inline_data_nolock+0x639/0x820 [ 286.422880][ T28] ? ext4_add_dirent_to_inline+0x450/0x450 [ 286.428701][ T28] ? get_max_inline_xattr_value_size+0x3f8/0x510 [ 286.435076][ T28] ext4_try_add_inline_entry+0x683/0x990 [ 286.440758][ T28] ? ext4_da_convert_inline_data_to_extent+0xa30/0xa30 [ 286.447606][ T28] ? ext4_try_create_inline_dir+0x27c/0x320 [ 286.453665][ T28] ext4_add_entry+0x5a4/0xeb0 [ 286.458367][ T28] ? ext4_inc_count+0x190/0x190 [ 286.463279][ T28] ? ext4_init_new_dir+0x557/0x670 [ 286.468402][ T28] ? ext4_init_dot_dotdot+0x510/0x510 [ 286.473812][ T28] ? make_kgid+0x710/0x710 [ 286.478299][ T28] ext4_mkdir+0x557/0xcf0 [ 286.482677][ T28] ? ext4_symlink+0xbf0/0xbf0 [ 286.487363][ T28] ? inode_permission+0xf5/0x450 [ 286.492397][ T28] ? bpf_lsm_inode_mkdir+0x5/0x10 [ 286.497466][ T28] ? security_inode_mkdir+0xdd/0x120 [ 286.502833][ T28] vfs_mkdir+0x3b3/0x590 [ 286.507092][ T28] do_mkdirat+0x25b/0x530 [ 286.511490][ T28] ? 0xffffffff81000000 [ 286.515827][ T28] ? __check_object_size+0x15a/0x210 [ 286.521194][ T28] ? vfs_mkdir+0x590/0x590 [ 286.525625][ T28] ? getname_flags+0x1ea/0x4e0 [ 286.530448][ T28] __x64_sys_mkdir+0x6a/0x80 [ 286.535224][ T28] do_syscall_64+0x3d/0xb0 [ 286.539639][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.545644][ T28] RIP: 0033:0x7f72a380b759 [ 286.550083][ T28] RSP: 002b:00007f72a37b72f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 286.558633][ T28] RAX: ffffffffffffffda RBX: 00007f72a3891780 RCX: 00007f72a380b759 [ 286.566640][ T28] RDX: 00007f72a380b759 RSI: 0000000000000000 RDI: 0000000020000300 [ 286.574679][ T28] RBP: 00007f72a385e780 R08: 0000000000000000 R09: 0000000000000000 [ 286.582710][ T28] R10: 0000000000000073 R11: 0000000000000246 R12: 7261637369646f6e [ 286.590734][ T28] R13: 0030656c69662f2e R14: 6569727261626f6e R15: 00007f72a3891788 [ 286.598727][ T28] [ 286.601805][ T28] [ 286.601805][ T28] Showing all locks held in the system: [ 286.609518][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.614843][ T28] #0: ffffffff8d326f50 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.625644][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.630984][ T28] #0: ffffffff8d327750 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.642122][ T28] 1 lock held by khungtaskd/28: [ 286.646957][ T28] #0: ffffffff8d326d80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.656355][ T28] 2 locks held by getty/4743: [ 286.661065][ T28] #0: ffff8880295d0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 286.670891][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650 [ 286.681221][ T28] 3 locks held by syz-executor376/5297: [ 286.686751][ T28] #0: ffff88802b414460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 286.695980][ T28] #1: ffff88807312ac20 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x22a/0x4f0 [ 286.707193][ T28] #2: ffff88807312a8e8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_add_inline_entry+0xe1/0x990 [ 286.717705][ T28] [ 286.720039][ T28] ============================================= [ 286.720039][ T28] [ 286.728507][ T28] NMI backtrace for cpu 0 [ 286.732837][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc2-syzkaller-00313-g9b43a525db12 #0 [ 286.742632][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.752675][ T28] Call Trace: [ 286.755944][ T28] [ 286.758870][ T28] dump_stack_lvl+0x1b1/0x290 [ 286.763551][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 286.769004][ T28] ? panic+0x710/0x710 [ 286.773064][ T28] ? nmi_cpu_backtrace+0x205/0x4f0 [ 286.778199][ T28] nmi_cpu_backtrace+0x46f/0x4f0 [ 286.783133][ T28] ? vprintk_emit+0x109/0x1e0 [ 286.787829][ T28] ? nmi_trigger_cpumask_backtrace+0x420/0x420 [ 286.794410][ T28] ? _printk+0xc0/0x100 [ 286.798553][ T28] ? panic+0x710/0x710 [ 286.802623][ T28] ? __wake_up_klogd+0xcd/0x100 [ 286.807467][ T28] ? panic+0x710/0x710 [ 286.811545][ T28] ? nmi_trigger_cpumask_backtrace+0xc9/0x420 [ 286.817642][ T28] nmi_trigger_cpumask_backtrace+0x1ba/0x420 [ 286.823635][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.829764][ T28] watchdog+0xcd5/0xd20 [ 286.833957][ T28] kthread+0x266/0x300 [ 286.838042][ T28] ? hungtask_pm_notify+0x50/0x50 [ 286.843061][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.847641][ T28] ret_from_fork+0x1f/0x30 [ 286.852093][ T28] [ 286.855248][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.860511][ C1] NMI backtrace for cpu 1 [ 286.860521][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc2-syzkaller-00313-g9b43a525db12 #0 [ 286.860535][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.860543][ C1] RIP: 0010:check_preemption_disabled+0x14/0x110 [ 286.860564][ C1] Code: ff cc cc cc cc cc 48 c7 c7 c0 c3 4b 8b 48 c7 c6 00 c4 4b 8b eb 00 41 57 41 56 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 <48> 89 44 24 08 65 8b 1d ec 31 52 75 65 8b 05 e1 31 52 75 a9 ff ff [ 286.860575][ C1] RSP: 0018:ffffc90000177ac8 EFLAGS: 00000082 [ 286.860587][ C1] RAX: 1b54913549c15100 RBX: ffffc90000177b90 RCX: 0000000000177b03 [ 286.860597][ C1] RDX: 0000000000000000 RSI: ffffffff8aedcd60 RDI: ffffffff8b4bc420 [ 286.860606][ C1] RBP: ffffc90000177c30 R08: dffffc0000000000 R09: fffffbfff1d2cdfe [ 286.860616][ C1] R10: fffffbfff1d2cdfe R11: 1ffffffff1d2cdfd R12: dffffc0000000000 [ 286.860625][ C1] R13: ffff888012af2778 R14: 1ffff9200002ef6c R15: 0000000000000046 [ 286.860634][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.860645][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.860654][ C1] CR2: 00005571c2f5fdc8 CR3: 00000000207b2000 CR4: 00000000003506e0 [ 286.860666][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.860673][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.860681][ C1] Call Trace: [ 286.860686][ C1] [ 286.860690][ C1] ? trace_lock_release+0x95/0x220 [ 286.860707][ C1] lock_release+0x54c/0x820 [ 286.860724][ C1] ? read_lock_is_recursive+0x10/0x10 [ 286.860739][ C1] ? ktime_get+0x95/0x2b0 [ 286.860821][ C1] ? __lock_acquire+0x1f60/0x1f60 [ 286.860835][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.860855][ C1] ? lockdep_hardirqs_on+0x8d/0x130 [ 286.860868][ C1] ? finish_lock_switch+0x8e/0x100 [ 286.860909][ C1] ? ktime_get+0x95/0x2b0 [ 286.860925][ C1] seqcount_lockdep_reader_access+0xf2/0x1f0 [ 286.860943][ C1] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 286.860959][ C1] ? __schedule+0x99d/0xe20 [ 286.860978][ C1] ktime_get+0x95/0x2b0 [ 286.860994][ C1] tick_nohz_idle_enter+0x1cc/0x2e0 [ 286.861031][ C1] ? generic_smp_call_function_single_interrupt+0x110/0x110 [ 286.861048][ C1] ? tick_nohz_idle_retain_tick+0xa0/0xa0 [ 286.861068][ C1] ? tick_nohz_idle_got_tick+0x9b/0x100 [ 286.861090][ C1] do_idle+0xb0/0x640 [ 286.861105][ C1] ? print_irqtrace_events+0x220/0x220 [ 286.861122][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 286.861138][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 286.861160][ C1] ? complete+0xb9/0x1c0 [ 286.861174][ C1] cpu_startup_entry+0x15/0x20 [ 286.861189][ C1] start_secondary+0xe4/0xf0 [ 286.861211][ C1] secondary_startup_64_no_verify+0xcf/0xdb [ 286.861234][ C1] [ 286.861575][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.140941][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc2-syzkaller-00313-g9b43a525db12 #0 [ 287.151008][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.161064][ T28] Call Trace: [ 287.164343][ T28] [ 287.167267][ T28] dump_stack_lvl+0x1b1/0x290 [ 287.171950][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 287.177404][ T28] ? panic+0x710/0x710 [ 287.181467][ T28] ? vscnprintf+0x59/0x80 [ 287.185792][ T28] panic+0x2d6/0x710 [ 287.189678][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 287.195302][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.201449][ T28] ? memcpy_page_flushcache+0x100/0x100 [ 287.206985][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.213129][ T28] ? nmi_trigger_cpumask_backtrace+0x34e/0x420 [ 287.219285][ T28] ? nmi_trigger_cpumask_backtrace+0x353/0x420 [ 287.225438][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.231495][ T28] watchdog+0xd15/0xd20 [ 287.235658][ T28] kthread+0x266/0x300 [ 287.239719][ T28] ? hungtask_pm_notify+0x50/0x50 [ 287.244734][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.249320][ T28] ret_from_fork+0x1f/0x30 [ 287.253739][ T28] [ 287.256897][ T28] Kernel Offset: disabled [ 287.261216][ T28] Rebooting in 86400 seconds..