./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3284673255 <...> Warning: Permanently added '10.128.10.56' (ED25519) to the list of known hosts. execve("./syz-executor3284673255", ["./syz-executor3284673255"], 0x7ffc586ae6d0 /* 10 vars */) = 0 brk(NULL) = 0x555555c78000 brk(0x555555c78e00) = 0x555555c78e00 arch_prctl(ARCH_SET_FS, 0x555555c78480) = 0 set_tid_address(0x555555c78750) = 5067 set_robust_list(0x555555c78760, 24) = 0 rseq(0x555555c78da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3284673255", 4096) = 28 getrandom("\xae\x31\x6b\x54\xcd\xab\xfb\x8d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555c78e00 brk(0x555555c99e00) = 0x555555c99e00 brk(0x555555c9a000) = 0x555555c9a000 mprotect(0x7f4b502b0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f4b50206940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4b5020f450}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f4b50206940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4b5020f450}, NULL, 8) = 0 mkdir("./syzkaller.d2iMMB", 0700) = 0 chmod("./syzkaller.d2iMMB", 0777) = 0 chdir("./syzkaller.d2iMMB") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached , child_tidptr=0x555555c78750) = 5068 [pid 5068] set_robust_list(0x555555c78760, 24) = 0 [pid 5068] chdir("./0") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5068] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./bus", 0777) = 0 [ 55.432098][ T5068] loop0: detected capacity change from 0 to 512 [ 55.463942][ T5068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5068] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./bus") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] mkdir("./bus", 0777) = 0 [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5068] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 55.476468][ T5068] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5068] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5068] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5068] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5068] exit_group(0) = ? [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 55.575092][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x555555c78760, 24) = 0 [pid 5073] chdir("./1") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5073 [pid 5073] <... openat resumed>) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5073] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [ 55.706453][ T5073] loop0: detected capacity change from 0 to 512 [ 55.741723][ T5073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5073] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./bus") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5073] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5073] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5073] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5073] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 55.754395][ T5073] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/1/bus supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.834730][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x555555c78750) = 5076 [pid 5076] set_robust_list(0x555555c78760, 24) = 0 [pid 5076] chdir("./2") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5076] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./bus", 0777) = 0 [pid 5076] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5076] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./bus") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] mkdir("./bus", 0777) = 0 [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5076] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 55.975292][ T5076] loop0: detected capacity change from 0 to 512 [ 56.000876][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.013419][ T5076] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/2/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5076] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5076] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5076] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 [ 56.112587][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555555c78760, 24) = 0 [pid 5079] chdir("./3") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5079 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5079] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [ 56.227871][ T5079] loop0: detected capacity change from 0 to 512 [ 56.261510][ T5079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5079] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./bus") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5079] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 56.274281][ T5079] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5079] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5079] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5079] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x555555c78750) = 5082 [pid 5082] set_robust_list(0x555555c78760, 24) = 0 [pid 5082] chdir("./4") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [ 56.370430][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5082] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./bus", 0777) = 0 [pid 5082] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./bus") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [ 56.468979][ T5082] loop0: detected capacity change from 0 to 512 [ 56.491286][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.503859][ T5082] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5082] mkdir("./bus", 0777) = 0 [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5082] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5082] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5082] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5082] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 [ 56.617743][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x555555c78760, 24) = 0 [pid 5085] chdir("./5") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5085 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5085] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./bus", 0777) = 0 [pid 5085] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./bus") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./bus", 0777) = 0 [pid 5085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 56.728398][ T5085] loop0: detected capacity change from 0 to 512 [ 56.751128][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.763605][ T5085] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5085] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5085] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5085] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5085] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 56.863611][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x555555c78760, 24) = 0 [pid 5088] chdir("./6") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5088 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./bus", 0777) = 0 [pid 5088] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./bus") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [ 56.989230][ T5088] loop0: detected capacity change from 0 to 512 [ 57.011597][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.024114][ T5088] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/6/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5088] mkdir("./bus", 0777) = 0 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5088] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5088] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5088] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5088] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 57.118459][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x555555c78760, 24) = 0 [pid 5091] chdir("./7") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5091 [pid 5091] <... setpgid resumed>) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5091] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./bus", 0777) = 0 [ 57.253153][ T5091] loop0: detected capacity change from 0 to 512 [ 57.282371][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5091] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./bus") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] mkdir("./bus", 0777) = 0 [ 57.294940][ T5091] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5091] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5091] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5091] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5091] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 57.396439][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x555555c78750) = 5094 [pid 5094] set_robust_list(0x555555c78760, 24) = 0 [pid 5094] chdir("./8") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./bus", 0777) = 0 [ 57.542461][ T5094] loop0: detected capacity change from 0 to 512 [pid 5094] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./bus") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./bus", 0777) = 0 [pid 5094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5094] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 57.581594][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.594114][ T5094] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5094] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5094] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5094] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 [ 57.687401][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x555555c78760, 24) = 0 [pid 5097] chdir("./9") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5097 [pid 5097] <... setpgid resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5097] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./bus", 0777) = 0 [ 57.841302][ T5097] loop0: detected capacity change from 0 to 512 [ 57.871125][ T5097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5097] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./bus") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [ 57.883834][ T5097] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/9/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5097] mkdir("./bus", 0777) = 0 [pid 5097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5097] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5097] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5097] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5097] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5097] exit_group(0) = ? [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached , child_tidptr=0x555555c78750) = 5100 [pid 5100] set_robust_list(0x555555c78760, 24) = 0 [pid 5100] chdir("./10") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 57.979485][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5100] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./bus", 0777) = 0 [pid 5100] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./bus") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [ 58.077263][ T5100] loop0: detected capacity change from 0 to 512 [ 58.101899][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.114648][ T5100] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/10/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5100] mkdir("./bus", 0777) = 0 [pid 5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5100] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5100] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5100] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 [ 58.212043][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached , child_tidptr=0x555555c78750) = 5103 [pid 5103] set_robust_list(0x555555c78760, 24) = 0 [pid 5103] chdir("./11") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5103] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./bus", 0777) = 0 [pid 5103] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./bus") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] mkdir("./bus", 0777) = 0 [pid 5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5103] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 58.365553][ T5103] loop0: detected capacity change from 0 to 512 [ 58.381345][ T5103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.393814][ T5103] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/11/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5103] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5103] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5103] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5103] exit_group(0) = ? [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 58.503820][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555555c78750) = 5106 [pid 5106] set_robust_list(0x555555c78760, 24) = 0 [pid 5106] chdir("./12") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./bus", 0777) = 0 [ 58.705244][ T5106] loop0: detected capacity change from 0 to 512 [ 58.731433][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5106] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./bus") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./bus", 0777) = 0 [ 58.743956][ T5106] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/12/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5106] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5106] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5106] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5106] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 58.838584][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x555555c78750) = 5109 [pid 5109] set_robust_list(0x555555c78760, 24) = 0 [pid 5109] chdir("./13") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5109] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./bus", 0777) = 0 [pid 5109] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./bus") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] mkdir("./bus", 0777) = 0 [pid 5109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 58.989847][ T5109] loop0: detected capacity change from 0 to 512 [ 59.011198][ T5109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.023670][ T5109] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/13/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5109] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5109] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5109] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5109] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5109] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 59.120301][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached , child_tidptr=0x555555c78750) = 5112 [pid 5112] set_robust_list(0x555555c78760, 24) = 0 [pid 5112] chdir("./14") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5112] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./bus", 0777) = 0 [ 59.272625][ T5112] loop0: detected capacity change from 0 to 512 [ 59.301359][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5112] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5112] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./bus") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] mkdir("./bus", 0777) = 0 [ 59.313941][ T5112] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/14/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5112] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5112] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5112] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5112] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x555555c78760, 24) = 0 [pid 5115] chdir("./15") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5115 [pid 5115] setpgid(0, 0) = 0 [ 59.437438][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5115] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [ 59.534496][ T5115] loop0: detected capacity change from 0 to 512 [ 59.571373][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5115] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./bus") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [pid 5115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5115] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5115] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5115] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5115] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5115] exit_group(0) = ? [ 59.583885][ T5115] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/15/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.682520][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x555555c78750) = 5118 [pid 5118] set_robust_list(0x555555c78760, 24) = 0 [pid 5118] chdir("./16") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5118] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./bus", 0777) = 0 [pid 5118] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./bus") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [ 59.823291][ T5118] loop0: detected capacity change from 0 to 512 [ 59.851280][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5118] close(4) = 0 [pid 5118] mkdir("./bus", 0777) = 0 [pid 5118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5118] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 59.863847][ T5118] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/16/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5118] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5118] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5118] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5118] exit_group(0) = ? [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 59.948690][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x555555c78760, 24) = 0 [pid 5121] chdir("./17") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5121 [pid 5121] <... setpgid resumed>) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5121] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./bus", 0777) = 0 [ 60.101120][ T5121] loop0: detected capacity change from 0 to 512 [pid 5121] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./bus") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] mkdir("./bus", 0777) = 0 [pid 5121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 60.141118][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.153701][ T5121] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/17/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5121] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5121] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5121] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5121] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5121] exit_group(0) = ? [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 60.276619][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./17/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x555555c78750) = 5124 [pid 5124] set_robust_list(0x555555c78760, 24) = 0 [pid 5124] chdir("./18") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5124] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./bus", 0777) = 0 [pid 5124] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./bus") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./bus", 0777) = 0 [pid 5124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5124] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 60.399574][ T5124] loop0: detected capacity change from 0 to 512 [ 60.421506][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.434020][ T5124] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/18/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5124] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5124] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5124] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x555555c78750) = 5127 [ 60.512280][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5127] set_robust_list(0x555555c78760, 24) = 0 [pid 5127] chdir("./19") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5127] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./bus", 0777) = 0 [pid 5127] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5127] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./bus") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] mkdir("./bus", 0777) = 0 [pid 5127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5127] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 60.641842][ T5127] loop0: detected capacity change from 0 to 512 [ 60.660982][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.673530][ T5127] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/19/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5127] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5127] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5127] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 60.764144][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x555555c78760, 24) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5130 [pid 5130] chdir("./20") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5130] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./bus", 0777) = 0 [pid 5130] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./bus") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] mkdir("./bus", 0777) = 0 [ 60.929866][ T5130] loop0: detected capacity change from 0 to 512 [ 60.951058][ T5130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.963571][ T5130] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/20/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5130] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5130] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5130] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5130] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5130] exit_group(0) = ? [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 61.072380][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x555555c78750) = 5134 [pid 5134] set_robust_list(0x555555c78760, 24) = 0 [pid 5134] chdir("./21") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5134] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./bus", 0777) = 0 [pid 5134] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./bus") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] mkdir("./bus", 0777) = 0 [pid 5134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 61.222310][ T5134] loop0: detected capacity change from 0 to 512 [ 61.241081][ T5134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.253588][ T5134] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/21/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5134] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5134] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5134] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5134] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 61.340891][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./21/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555555c78750) = 5137 [pid 5137] set_robust_list(0x555555c78760, 24) = 0 [pid 5137] chdir("./22") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./bus", 0777) = 0 [ 61.483253][ T5137] loop0: detected capacity change from 0 to 512 [ 61.511323][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5137] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5137] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./bus") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] mkdir("./bus", 0777) = 0 [ 61.523870][ T5137] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/22/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5137] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5137] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5137] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5137] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5137] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 [ 61.609280][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555555c78760, 24) = 0 [pid 5140] chdir("./23") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5140 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5140] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./bus", 0777) = 0 [ 61.734131][ T5140] loop0: detected capacity change from 0 to 512 [pid 5140] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./bus") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] mkdir("./bus", 0777) = 0 [pid 5140] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 61.781097][ T5140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.793583][ T5140] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/23/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5140] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5140] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5140] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5140] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5140] exit_group(0) = ? [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.894565][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x555555c78760, 24) = 0 [pid 5143] chdir("./24") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5143 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5143] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./bus", 0777) = 0 [pid 5143] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5143] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./bus") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] mkdir("./bus", 0777) = 0 [pid 5143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5143] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5143] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 62.010410][ T5143] loop0: detected capacity change from 0 to 512 [ 62.031211][ T5143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.043758][ T5143] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/24/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5143] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5143] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555555c78760, 24) = 0 [ 62.124966][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5146] chdir("./25") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5146] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] mkdir("./bus", 0777) = 0 [ 62.253235][ T5146] loop0: detected capacity change from 0 to 512 [ 62.281217][ T5146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5146] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./bus") = 0 [pid 5146] ioctl(4, LOOP_CLR_FD) = 0 [pid 5146] close(4) = 0 [pid 5146] mkdir("./bus", 0777) = 0 [pid 5146] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5146] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5146] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5146] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5146] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5146] exit_group(0) = ? [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 62.293792][ T5146] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/25/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 62.358631][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555555c78760, 24) = 0 [pid 5149] chdir("./26") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5149 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./bus", 0777) = 0 [pid 5149] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./bus") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./bus", 0777) = 0 [pid 5149] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5149] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5149] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 62.471432][ T5149] loop0: detected capacity change from 0 to 512 [ 62.491567][ T5149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.504115][ T5149] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/26/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5149] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x555555c78760, 24) = 0 [pid 5152] chdir("./27") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5152 [ 62.596461][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5152] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./bus", 0777) = 0 [ 62.704405][ T5152] loop0: detected capacity change from 0 to 512 [ 62.741600][ T5152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5152] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5152] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./bus") = 0 [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] mkdir("./bus", 0777) = 0 [pid 5152] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5152] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 62.754138][ T5152] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/27/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5152] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5152] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5152] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5152] exit_group(0) = ? [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 62.844141][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555555c78750) = 5155 [pid 5155] set_robust_list(0x555555c78760, 24) = 0 [pid 5155] chdir("./28") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5155] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./bus", 0777) = 0 [pid 5155] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5155] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./bus") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./bus", 0777) = 0 [pid 5155] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5155] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5155] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5155] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5155] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 63.027617][ T5155] loop0: detected capacity change from 0 to 512 [ 63.050973][ T5155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.063577][ T5155] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/28/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 63.121909][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x555555c78760, 24) = 0 [pid 5158] chdir("./29") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5158] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./bus", 0777) = 0 [pid 5158] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./bus") = 0 [pid 5158] ioctl(4, LOOP_CLR_FD) = 0 [pid 5158] close(4) = 0 [ 63.319618][ T5158] loop0: detected capacity change from 0 to 512 [ 63.341274][ T5158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.353811][ T5158] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/29/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5158] mkdir("./bus", 0777) = 0 [pid 5158] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5158] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5158] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5158] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5158] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5158] exit_group(0) = ? [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 [ 63.476816][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x555555c78750) = 5161 [pid 5161] set_robust_list(0x555555c78760, 24) = 0 [pid 5161] chdir("./30") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5161] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./bus", 0777) = 0 [ 63.642475][ T5161] loop0: detected capacity change from 0 to 512 [pid 5161] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5161] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./bus") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./bus", 0777) = 0 [pid 5161] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5161] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 63.681398][ T5161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.694067][ T5161] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/30/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5161] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5161] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5161] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 [ 63.781285][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555555c78750) = 5164 [pid 5164] set_robust_list(0x555555c78760, 24) = 0 [pid 5164] chdir("./31") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5164] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./bus", 0777) = 0 [ 63.939944][ T5164] loop0: detected capacity change from 0 to 512 [ 63.971884][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5164] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./bus") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./bus", 0777) = 0 [pid 5164] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5164] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5164] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5164] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5164] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 63.984472][ T5164] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/31/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 [ 64.081466][ T5067] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x555555c78760, 24) = 0 [pid 5168] chdir("./32") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5168 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5168] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./bus", 0777) = 0 [pid 5168] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5168] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./bus") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [ 64.226464][ T5168] loop0: detected capacity change from 0 to 512 [ 64.261313][ T5168] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/32/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5168] mkdir("./bus", 0777) = 0 [pid 5168] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5168] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5168] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5168] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5168] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5168] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x555555c78760, 24) = 0 [pid 5172] chdir("./33") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5172 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5172] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./bus", 0777) = 0 [pid 5172] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./bus") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] mkdir("./bus", 0777) = 0 [pid 5172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5172] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5172] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5172] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5172] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5172] exit_group(0) = ? [ 64.482838][ T5172] loop0: detected capacity change from 0 to 512 [ 64.501878][ T5172] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/33/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x555555c78750) = 5175 [pid 5175] set_robust_list(0x555555c78760, 24) = 0 [pid 5175] chdir("./34") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5175] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [pid 5175] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [pid 5175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5175] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5175] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 64.722958][ T5175] loop0: detected capacity change from 0 to 512 [ 64.740917][ T5175] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/34/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5175] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5175] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5178 ./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x555555c78760, 24) = 0 [pid 5178] chdir("./35") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5178] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./bus") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [ 64.926227][ T5178] loop0: detected capacity change from 0 to 512 [ 64.961333][ T5178] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/35/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5178] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5178] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5178] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5178] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5178] exit_group(0) = ? [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x555555c78750) = 5181 [pid 5181] set_robust_list(0x555555c78760, 24) = 0 [pid 5181] chdir("./36") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5181] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./bus", 0777) = 0 [pid 5181] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./bus") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] mkdir("./bus", 0777) = 0 [pid 5181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5181] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5181] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5181] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5181] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 65.174405][ T5181] loop0: detected capacity change from 0 to 512 [ 65.201283][ T5181] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/36/bus supports timestamps until 2038-01-19 (0x7fffffff) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x555555c78750) = 5184 [pid 5184] set_robust_list(0x555555c78760, 24) = 0 [pid 5184] chdir("./37") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5184] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./bus") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5184] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 65.417403][ T5184] loop0: detected capacity change from 0 to 512 [ 65.441179][ T5184] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/37/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5184] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5184] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5184] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x555555c78750) = 5187 [pid 5187] set_robust_list(0x555555c78760, 24) = 0 [pid 5187] chdir("./38") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5187] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [pid 5187] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./bus") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [pid 5187] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5187] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5187] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5187] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5187] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5187] exit_group(0) = ? [ 65.681254][ T5187] loop0: detected capacity change from 0 to 512 [ 65.701365][ T5187] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/38/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x555555c78760, 24) = 0 [pid 5190] chdir("./39") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5190 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5190] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./bus", 0777) = 0 [pid 5190] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./bus") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [ 65.914693][ T5190] loop0: detected capacity change from 0 to 512 [ 65.941076][ T5190] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/39/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5190] mkdir("./bus", 0777) = 0 [pid 5190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5190] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5190] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5190] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5190] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x555555c78760, 24) = 0 [pid 5193] chdir("./40") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [pid 5193] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [pid 5193] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5193] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 66.115103][ T5193] loop0: detected capacity change from 0 to 512 [ 66.141222][ T5193] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/40/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5193] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5193] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5193] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached , child_tidptr=0x555555c78750) = 5196 [pid 5196] set_robust_list(0x555555c78760, 24) = 0 [pid 5196] chdir("./41") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5196] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./bus", 0777) = 0 [pid 5196] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./bus") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./bus", 0777) = 0 [pid 5196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5196] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 66.357434][ T5196] loop0: detected capacity change from 0 to 512 [ 66.371144][ T5196] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/41/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5196] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5196] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5196] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5196] exit_group(0) = ? [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached , child_tidptr=0x555555c78750) = 5199 [pid 5199] set_robust_list(0x555555c78760, 24) = 0 [pid 5199] chdir("./42") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5199] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./bus", 0777) = 0 [pid 5199] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./bus") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] mkdir("./bus", 0777) = 0 [pid 5199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5199] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 66.586630][ T5199] loop0: detected capacity change from 0 to 512 [ 66.611027][ T5199] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/42/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5199] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5199] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5199] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5199] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5202 ./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x555555c78760, 24) = 0 [pid 5202] chdir("./43") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5202] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [pid 5202] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./bus") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [pid 5202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5202] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 66.812663][ T5202] loop0: detected capacity change from 0 to 512 [ 66.831216][ T5202] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/43/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5202] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5202] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5202] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5202] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x555555c78750) = 5205 [pid 5205] set_robust_list(0x555555c78760, 24) = 0 [pid 5205] chdir("./44") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5205] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [pid 5205] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./bus") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [pid 5205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5205] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5205] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 67.111347][ T5205] loop0: detected capacity change from 0 to 512 [ 67.141561][ T5205] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/44/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5205] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5205] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5205] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x555555c78750) = 5208 [pid 5208] set_robust_list(0x555555c78760, 24) = 0 [pid 5208] chdir("./45") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5208] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./bus", 0777) = 0 [ 67.382483][ T5208] loop0: detected capacity change from 0 to 512 [pid 5208] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./bus") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [ 67.421143][ T5208] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/45/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5208] mkdir("./bus", 0777) = 0 [pid 5208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5208] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5208] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5208] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5208] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5208] exit_group(0) = ? [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached , child_tidptr=0x555555c78750) = 5211 [pid 5211] set_robust_list(0x555555c78760, 24) = 0 [pid 5211] chdir("./46") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5211] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./bus", 0777) = 0 [pid 5211] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./bus") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] mkdir("./bus", 0777) = 0 [pid 5211] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5211] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5211] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 67.613076][ T5211] loop0: detected capacity change from 0 to 512 [ 67.640857][ T5211] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/46/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5211] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5211] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x555555c78760, 24) = 0 [pid 5214] chdir("./47") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5214 [pid 5214] <... setpgid resumed>) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5214] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./bus", 0777) = 0 [pid 5214] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./bus") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] mkdir("./bus", 0777) = 0 [pid 5214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5214] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5214] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5214] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5214] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ [ 67.855409][ T5214] loop0: detected capacity change from 0 to 512 [ 67.881112][ T5214] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/47/bus supports timestamps until 2038-01-19 (0x7fffffff) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x555555c78750) = 5217 [pid 5217] set_robust_list(0x555555c78760, 24) = 0 [pid 5217] chdir("./48") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5217] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./bus", 0777) = 0 [pid 5217] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5217] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./bus") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] mkdir("./bus", 0777) = 0 [pid 5217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5217] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5217] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5217] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5217] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5217] exit_group(0) = ? [ 68.070914][ T5217] loop0: detected capacity change from 0 to 512 [ 68.091495][ T5217] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/48/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x555555c78750) = 5220 [pid 5220] set_robust_list(0x555555c78760, 24) = 0 [pid 5220] chdir("./49") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5220] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./bus", 0777) = 0 [pid 5220] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./bus") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./bus", 0777) = 0 [pid 5220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 68.341997][ T5220] loop0: detected capacity change from 0 to 512 [ 68.361328][ T5220] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/49/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5220] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5220] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5220] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5220] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5220] exit_group(0) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x555555c78750) = 5224 [pid 5224] set_robust_list(0x555555c78760, 24) = 0 [pid 5224] chdir("./50") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./bus", 0777) = 0 [pid 5224] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./bus") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./bus", 0777) = 0 [pid 5224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5224] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 68.655296][ T5224] loop0: detected capacity change from 0 to 512 [ 68.690978][ T5224] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/50/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5224] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5224] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5224] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555555c78750) = 5227 [pid 5227] set_robust_list(0x555555c78760, 24) = 0 [pid 5227] chdir("./51") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5227] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./bus", 0777) = 0 [pid 5227] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5227] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./bus") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] mkdir("./bus", 0777) = 0 [pid 5227] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5227] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5227] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5227] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5227] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5227] exit_group(0) = ? [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 [ 68.908707][ T5227] loop0: detected capacity change from 0 to 512 [ 68.941691][ T5227] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/51/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x555555c78750) = 5230 [pid 5230] set_robust_list(0x555555c78760, 24) = 0 [pid 5230] chdir("./52") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5230] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./bus", 0777) = 0 [ 69.122594][ T5230] loop0: detected capacity change from 0 to 512 [pid 5230] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5230] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./bus") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./bus", 0777) = 0 [pid 5230] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5230] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 69.161483][ T5230] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/52/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5230] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5230] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5230] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x555555c78760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5234 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5234] chdir("./53") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5234] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./bus", 0777) = 0 [pid 5234] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./bus") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./bus", 0777) = 0 [pid 5234] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5234] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 69.402351][ T5234] loop0: detected capacity change from 0 to 512 [ 69.431567][ T5234] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/53/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5234] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5234] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5234] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x555555c78750) = 5237 [pid 5237] set_robust_list(0x555555c78760, 24) = 0 [pid 5237] chdir("./54") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5237] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./bus", 0777) = 0 [pid 5237] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./bus") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./bus", 0777) = 0 [pid 5237] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5237] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 69.611108][ T5237] loop0: detected capacity change from 0 to 512 [ 69.630913][ T5237] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/54/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5237] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5237] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5237] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c78750) = 5240 ./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x555555c78760, 24) = 0 [pid 5240] chdir("./55") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5240] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./bus", 0777) = 0 [pid 5240] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./bus") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./bus", 0777) = 0 [pid 5240] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5240] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 69.841500][ T5240] loop0: detected capacity change from 0 to 512 [ 69.871285][ T5240] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/55/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5240] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5240] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5240] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5240] exit_group(0) = ? [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached , child_tidptr=0x555555c78750) = 5243 [pid 5243] set_robust_list(0x555555c78760, 24) = 0 [pid 5243] chdir("./56") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5243] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] mkdir("./bus", 0777) = 0 [pid 5243] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./bus") = 0 [pid 5243] ioctl(4, LOOP_CLR_FD) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./bus", 0777) = 0 [ 70.078276][ T5243] loop0: detected capacity change from 0 to 512 [ 70.111522][ T5243] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/56/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5243] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5243] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5243] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5243] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5243] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5243] exit_group(0) = ? [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5246 attached , child_tidptr=0x555555c78750) = 5246 [pid 5246] set_robust_list(0x555555c78760, 24) = 0 [pid 5246] chdir("./57") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5246] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./bus", 0777) = 0 [pid 5246] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5246] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./bus") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] mkdir("./bus", 0777) = 0 [ 70.392092][ T5246] loop0: detected capacity change from 0 to 512 [ 70.421008][ T5246] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/57/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5246] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5246] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5246] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5246] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5246] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5246] exit_group(0) = ? [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x555555c78750) = 5249 [pid 5249] set_robust_list(0x555555c78760, 24) = 0 [pid 5249] chdir("./58") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] memfd_create("syzkaller", 0) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5249] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] mkdir("./bus", 0777) = 0 [pid 5249] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./bus") = 0 [pid 5249] ioctl(4, LOOP_CLR_FD) = 0 [pid 5249] close(4) = 0 [pid 5249] mkdir("./bus", 0777) = 0 [pid 5249] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5249] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 70.683723][ T5249] loop0: detected capacity change from 0 to 512 [ 70.721435][ T5249] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/58/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5249] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5249] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5249] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5249] exit_group(0) = ? [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x555555c78750) = 5252 [pid 5252] set_robust_list(0x555555c78760, 24) = 0 [pid 5252] chdir("./59") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5252] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./bus", 0777) = 0 [pid 5252] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./bus") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [ 70.996418][ T5252] loop0: detected capacity change from 0 to 512 [ 71.032094][ T5252] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/59/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5252] mkdir("./bus", 0777) = 0 [pid 5252] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5252] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5252] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5252] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5252] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555555c78760, 24) = 0 [pid 5255] chdir("./60") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555c78750) = 5255 [pid 5255] <... setpgid resumed>) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5255] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] mkdir("./bus", 0777) = 0 [pid 5255] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5255] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./bus") = 0 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] mkdir("./bus", 0777) = 0 [pid 5255] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5255] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 71.242085][ T5255] loop0: detected capacity change from 0 to 512 [ 71.271736][ T5255] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/60/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5255] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5255] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5255] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5255] exit_group(0) = ? [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c797f0 /* 4 entries */, 32768) = 104 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c81830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c81830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x555555c797f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached , child_tidptr=0x555555c78750) = 5258 [pid 5258] set_robust_list(0x555555c78760, 24) = 0 [pid 5258] chdir("./61") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b47dfd000 [pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5258] munmap(0x7f4b47dfd000, 138412032) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./bus", 0777) = 0 [ 71.507951][ T5258] loop0: detected capacity change from 0 to 512 [pid 5258] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5258] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./bus") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] mkdir("./bus", 0777) = 0 [pid 5258] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5258] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5258] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5258] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 71.551269][ T5258] ext4 filesystem being mounted at /root/syzkaller.d2iMMB/61/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 71.602936][ T5258] ------------[ cut here ]------------ [ 71.608395][ T5258] Looking for class "&ei->i_data_sem" with key __key.0, but found a different class "&ei->i_data_sem" with the same key [ 71.621445][ T5258] WARNING: CPU: 1 PID: 5258 at kernel/locking/lockdep.c:932 look_up_lock_class+0x127/0x130 [ 71.631411][ T5258] Modules linked in: [ 71.635286][ T5258] CPU: 1 PID: 5258 Comm: syz-executor328 Not tainted 6.7.0-rc8-syzkaller #0 [ 71.643935][ T5258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 71.653971][ T5258] RIP: 0010:look_up_lock_class+0x127/0x130 [ 71.659759][ T5258] Code: c7 c7 80 ad cc 8a e8 c8 c2 cd f6 90 0f 0b 90 90 90 31 db eb c2 c6 05 66 65 83 04 01 90 48 c7 c7 a0 b0 cc 8a e8 aa c2 cd f6 90 <0f> 0b 90 90 e9 6a ff ff ff 53 48 39 77 10 48 89 fb 74 51 66 83 7f [ 71.679344][ T5258] RSP: 0018:ffffc900048378d0 EFLAGS: 00010082 [ 71.685391][ T5258] RAX: 0000000000000000 RBX: ffffffff91f6ec90 RCX: ffffffff814db519 [ 71.693344][ T5258] RDX: ffff888026868000 RSI: ffffffff814db526 RDI: 0000000000000001 [ 71.701297][ T5258] RBP: ffffffff928d22a1 R08: 0000000000000001 R09: 0000000000000000 [ 71.709252][ T5258] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807663f088 [ 71.717209][ T5258] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff9280a5e0 [ 71.725168][ T5258] FS: 0000555555c78480(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 71.734081][ T5258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.740648][ T5258] CR2: 00007f4b502b40f8 CR3: 000000007ae57000 CR4: 0000000000350ef0 [ 71.748603][ T5258] Call Trace: [ 71.751868][ T5258] [ 71.754780][ T5258] ? show_regs+0x8f/0xa0 [ 71.759015][ T5258] ? __warn+0xe6/0x390 [ 71.763078][ T5258] ? __wake_up_klogd.part.0+0x99/0xf0 [ 71.768443][ T5258] ? look_up_lock_class+0x127/0x130 [ 71.773627][ T5258] ? report_bug+0x3bc/0x580 [ 71.778117][ T5258] ? handle_bug+0x3d/0x70 [ 71.782436][ T5258] ? exc_invalid_op+0x17/0x40 [ 71.787098][ T5258] ? asm_exc_invalid_op+0x1a/0x20 [ 71.792113][ T5258] ? __warn_printk+0x199/0x350 [ 71.796867][ T5258] ? __warn_printk+0x1a6/0x350 [ 71.801621][ T5258] ? look_up_lock_class+0x127/0x130 [ 71.806800][ T5258] ? print_usage_bug.part.0+0x550/0x550 [ 71.812343][ T5258] register_lock_class+0xb1/0x1220 [ 71.817449][ T5258] ? register_lock_class+0xb1/0x1220 [ 71.822726][ T5258] ? print_usage_bug.part.0+0x550/0x550 [ 71.828269][ T5258] ? register_lock_class+0xb1/0x1220 [ 71.833543][ T5258] ? is_dynamic_key+0x200/0x200 [ 71.838382][ T5258] ? is_dynamic_key+0x200/0x200 [ 71.843224][ T5258] ? is_dynamic_key+0x200/0x200 [ 71.848067][ T5258] ? is_dynamic_key+0x200/0x200 [ 71.852908][ T5258] __lock_acquire+0x112/0x3b20 [ 71.857695][ T5258] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 71.863683][ T5258] ? __down_write_common+0x17a/0x1400 [ 71.869049][ T5258] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 71.875023][ T5258] lock_acquire+0x1ae/0x520 [ 71.879517][ T5258] ? ext4_double_down_write_data_sem+0x42/0x80 [ 71.885665][ T5258] ? lock_sync+0x190/0x190 [ 71.890075][ T5258] ? preempt_count_sub+0x160/0x160 [ 71.895172][ T5258] ? preempt_count_sub+0x160/0x160 [ 71.900270][ T5258] down_write_nested+0x3d/0x50 [ 71.905022][ T5258] ? ext4_double_down_write_data_sem+0x42/0x80 [ 71.911179][ T5258] ext4_double_down_write_data_sem+0x42/0x80 [ 71.917325][ T5258] __ext4_ioctl+0x163e/0x4570 [ 71.921996][ T5258] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 71.927793][ T5258] ? ext4_force_shutdown+0x5d0/0x5d0 [ 71.933073][ T5258] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 71.938957][ T5258] ? do_vfs_ioctl+0x379/0x1920 [ 71.943719][ T5258] ? vfs_fileattr_set+0xbf0/0xbf0 [ 71.948747][ T5258] ? ptrace_notify+0xf4/0x130 [ 71.953418][ T5258] ? bpf_lsm_file_ioctl+0x9/0x10 [ 71.958344][ T5258] ? ext4_fileattr_set+0x17a0/0x17a0 [ 71.963617][ T5258] __x64_sys_ioctl+0x18f/0x210 [ 71.968377][ T5258] do_syscall_64+0x40/0x110 [ 71.972873][ T5258] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.978750][ T5258] RIP: 0033:0x7f4b5023c869 [ 71.983150][ T5258] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.002744][ T5258] RSP: 002b:00007fff78d73148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.011228][ T5258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4b5023c869 [ 72.019183][ T5258] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 72.027138][ T5258] RBP: 0000000000000000 R08: 00007fff78d7317c R09: 00007fff78d7317c [ 72.035090][ T5258] R10: 00007fff78d7317c R11: 0000000000000246 R12: 00007fff78d7317c [ 72.043392][ T5258] R13: 000000000000003d R14: 431bde82d7b634db R15: 00007fff78d731b0 [ 72.051360][ T5258] [ 72.054366][ T5258] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 72.061626][ T5258] CPU: 1 PID: 5258 Comm: syz-executor328 Not tainted 6.7.0-rc8-syzkaller #0 [ 72.070285][ T5258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 72.080329][ T5258] Call Trace: [ 72.083595][ T5258] [ 72.086513][ T5258] dump_stack_lvl+0xd9/0x1b0 [ 72.091100][ T5258] panic+0x6dc/0x790 [ 72.094989][ T5258] ? panic_smp_self_stop+0xa0/0xa0 [ 72.100088][ T5258] ? show_trace_log_lvl+0x363/0x4f0 [ 72.105289][ T5258] ? check_panic_on_warn+0x1f/0xb0 [ 72.110395][ T5258] ? look_up_lock_class+0x127/0x130 [ 72.115582][ T5258] check_panic_on_warn+0xab/0xb0 [ 72.120512][ T5258] __warn+0xf2/0x390 [ 72.124396][ T5258] ? __wake_up_klogd.part.0+0x99/0xf0 [ 72.129760][ T5258] ? look_up_lock_class+0x127/0x130 [ 72.134942][ T5258] report_bug+0x3bc/0x580 [ 72.139264][ T5258] handle_bug+0x3d/0x70 [ 72.143411][ T5258] exc_invalid_op+0x17/0x40 [ 72.147906][ T5258] asm_exc_invalid_op+0x1a/0x20 [ 72.152744][ T5258] RIP: 0010:look_up_lock_class+0x127/0x130 [ 72.158538][ T5258] Code: c7 c7 80 ad cc 8a e8 c8 c2 cd f6 90 0f 0b 90 90 90 31 db eb c2 c6 05 66 65 83 04 01 90 48 c7 c7 a0 b0 cc 8a e8 aa c2 cd f6 90 <0f> 0b 90 90 e9 6a ff ff ff 53 48 39 77 10 48 89 fb 74 51 66 83 7f [ 72.178136][ T5258] RSP: 0018:ffffc900048378d0 EFLAGS: 00010082 [ 72.184193][ T5258] RAX: 0000000000000000 RBX: ffffffff91f6ec90 RCX: ffffffff814db519 [ 72.192148][ T5258] RDX: ffff888026868000 RSI: ffffffff814db526 RDI: 0000000000000001 [ 72.200108][ T5258] RBP: ffffffff928d22a1 R08: 0000000000000001 R09: 0000000000000000 [ 72.208080][ T5258] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807663f088 [ 72.216032][ T5258] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff9280a5e0 [ 72.223995][ T5258] ? __warn_printk+0x199/0x350 [ 72.228755][ T5258] ? __warn_printk+0x1a6/0x350 [ 72.233511][ T5258] ? print_usage_bug.part.0+0x550/0x550 [ 72.239050][ T5258] register_lock_class+0xb1/0x1220 [ 72.244242][ T5258] ? register_lock_class+0xb1/0x1220 [ 72.249519][ T5258] ? print_usage_bug.part.0+0x550/0x550 [ 72.255055][ T5258] ? register_lock_class+0xb1/0x1220 [ 72.260333][ T5258] ? is_dynamic_key+0x200/0x200 [ 72.265175][ T5258] ? is_dynamic_key+0x200/0x200 [ 72.270022][ T5258] ? is_dynamic_key+0x200/0x200 [ 72.274864][ T5258] ? is_dynamic_key+0x200/0x200 [ 72.279707][ T5258] __lock_acquire+0x112/0x3b20 [ 72.284468][ T5258] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 72.290440][ T5258] ? __down_write_common+0x17a/0x1400 [ 72.295800][ T5258] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 72.301775][ T5258] lock_acquire+0x1ae/0x520 [ 72.306271][ T5258] ? ext4_double_down_write_data_sem+0x42/0x80 [ 72.312420][ T5258] ? lock_sync+0x190/0x190 [ 72.316830][ T5258] ? preempt_count_sub+0x160/0x160 [ 72.321925][ T5258] ? preempt_count_sub+0x160/0x160 [ 72.327021][ T5258] down_write_nested+0x3d/0x50 [ 72.331776][ T5258] ? ext4_double_down_write_data_sem+0x42/0x80 [ 72.337924][ T5258] ext4_double_down_write_data_sem+0x42/0x80 [ 72.343896][ T5258] __ext4_ioctl+0x163e/0x4570 [ 72.348565][ T5258] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 72.354361][ T5258] ? ext4_force_shutdown+0x5d0/0x5d0 [ 72.359636][ T5258] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 72.365519][ T5258] ? do_vfs_ioctl+0x379/0x1920 [ 72.370276][ T5258] ? vfs_fileattr_set+0xbf0/0xbf0 [ 72.375298][ T5258] ? ptrace_notify+0xf4/0x130 [ 72.379970][ T5258] ? bpf_lsm_file_ioctl+0x9/0x10 [ 72.384895][ T5258] ? ext4_fileattr_set+0x17a0/0x17a0 [ 72.390169][ T5258] __x64_sys_ioctl+0x18f/0x210 [ 72.394926][ T5258] do_syscall_64+0x40/0x110 [ 72.399423][ T5258] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.405309][ T5258] RIP: 0033:0x7f4b5023c869 [ 72.409709][ T5258] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.429302][ T5258] RSP: 002b:00007fff78d73148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.437702][ T5258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4b5023c869 [ 72.445658][ T5258] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 72.453611][ T5258] RBP: 0000000000000000 R08: 00007fff78d7317c R09: 00007fff78d7317c [ 72.461565][ T5258] R10: 00007fff78d7317c R11: 0000000000000246 R12: 00007fff78d7317c [ 72.469520][ T5258] R13: 000000000000003d R14: 431bde82d7b634db R15: 00007fff78d731b0 [ 72.477478][ T5258] [ 72.480722][ T5258] Kernel Offset: disabled [ 72.485022][ T5258] Rebooting in 86400 seconds.. [pid 5258] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0