./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1438435340 <...> Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts. execve("./syz-executor1438435340", ["./syz-executor1438435340"], 0x7fff7f277750 /* 10 vars */) = 0 brk(NULL) = 0x555556765000 brk(0x555556765d40) = 0x555556765d40 arch_prctl(ARCH_SET_FS, 0x5555567653c0) = 0 set_tid_address(0x555556765690) = 5019 set_robust_list(0x5555567656a0, 24) = 0 rseq(0x555556765ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1438435340", 4096) = 28 getrandom("\x0d\x26\x60\x71\xcf\xb9\x5a\x5c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556765d40 brk(0x555556786d40) = 0x555556786d40 brk(0x555556787000) = 0x555556787000 mprotect(0x7fc13f8b2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5020 ./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x5555567656a0, 24) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5020] mkdir("./syzkaller.zsJsgQ", 0700./strace-static-x86_64: Process 5021 attached [pid 5019] <... clone resumed>, child_tidptr=0x555556765690) = 5021 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5021] set_robust_list(0x5555567656a0, 24 [pid 5020] <... mkdir resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555556765690) = 5022 [pid 5021] <... set_robust_list resumed>) = 0 [pid 5020] chmod("./syzkaller.zsJsgQ", 0777 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5020] <... chmod resumed>) = 0 [pid 5020] chdir("./syzkaller.zsJsgQ") = 0 [pid 5020] mkdir("./0", 0777 [pid 5019] <... clone resumed>, child_tidptr=0x555556765690) = 5023 [pid 5021] mkdir("./syzkaller.Z0xSQI", 0700 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5020] <... mkdir resumed>) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5020] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5020] close(3./strace-static-x86_64: Process 5022 attached [pid 5019] <... clone resumed>, child_tidptr=0x555556765690) = 5024 [pid 5021] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x5555567656a0, 24) = 0 [pid 5020] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5021] chmod("./syzkaller.Z0xSQI", 0777 [pid 5020] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5021] <... chmod resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555556765690) = 5025 [pid 5022] set_robust_list(0x5555567656a0, 24 [pid 5023] mkdir("./syzkaller.XFPE47", 0700./strace-static-x86_64: Process 5025 attached ./strace-static-x86_64: Process 5026 attached ./strace-static-x86_64: Process 5024 attached [pid 5022] <... set_robust_list resumed>) = 0 [pid 5021] chdir("./syzkaller.Z0xSQI") = 0 [pid 5022] mkdir("./syzkaller.q4tRVh", 0700 [pid 5021] mkdir("./0", 0777) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5026] set_robust_list(0x5555567656a0, 24 [pid 5025] set_robust_list(0x5555567656a0, 24 [pid 5026] <... set_robust_list resumed>) = 0 [pid 5024] set_robust_list(0x5555567656a0, 24 [pid 5021] <... openat resumed>) = 3 [pid 5020] <... clone resumed>, child_tidptr=0x555556765690) = 5026 [pid 5021] ioctl(3, LOOP_CLR_FD [pid 5026] chdir("./0" [pid 5021] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] <... set_robust_list resumed>) = 0 [pid 5026] <... chdir resumed>) = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5021] close(3 [pid 5022] <... mkdir resumed>) = 0 [pid 5021] <... close resumed>) = 0 [pid 5022] chmod("./syzkaller.q4tRVh", 0777 [pid 5026] <... prctl resumed>) = 0 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] <... chmod resumed>) = 0 [pid 5022] chdir("./syzkaller.q4tRVh") = 0 [pid 5022] mkdir("./0", 0777 [pid 5021] <... clone resumed>, child_tidptr=0x555556765690) = 5027 [pid 5026] setpgid(0, 0 [pid 5022] <... mkdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5026] <... setpgid resumed>) = 0 [pid 5025] mkdir("./syzkaller.WStBqc", 0700 [pid 5022] <... openat resumed>) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5022] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... mkdir resumed>) = 0 [pid 5026] write(3, "1000", 4 [pid 5023] <... mkdir resumed>) = 0 [pid 5023] chmod("./syzkaller.XFPE47", 0777 [pid 5026] <... write resumed>) = 4 [pid 5024] <... set_robust_list resumed>) = 0 [pid 5026] close(3 [pid 5023] <... chmod resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5023] chdir("./syzkaller.XFPE47") = 0 [pid 5022] <... clone resumed>, child_tidptr=0x555556765690) = 5028 [pid 5024] mkdir("./syzkaller.tkkQTx", 0700 [pid 5026] symlink("/dev/binderfs", "./binderfs" [pid 5023] mkdir("./0", 0777 [pid 5026] <... symlink resumed>) = 0 [pid 5023] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x5555567656a0, 24 [pid 5024] <... mkdir resumed>) = 0 [pid 5027] <... set_robust_list resumed>) = 0 [pid 5026] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] chdir("./0" [pid 5025] chmod("./syzkaller.WStBqc", 0777 [pid 5026] <... futex resumed>) = 0 [pid 5026] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, NULL, 8) = 0 [pid 5025] <... chmod resumed>) = 0 [pid 5026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5027] <... chdir resumed>) = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5027] <... prctl resumed>) = 0 [pid 5027] setpgid(0, 0 [pid 5025] chdir("./syzkaller.WStBqc" [pid 5026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... chdir resumed>) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5023] <... openat resumed>) = 3 [pid 5026] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5025] mkdir("./0", 0777 [pid 5026] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5027] <... setpgid resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] <... mprotect resumed>) = 0 [pid 5023] ioctl(3, LOOP_CLR_FD [pid 5027] <... openat resumed>) = 3 [pid 5026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5025] <... mkdir resumed>) = 0 [pid 5024] chmod("./syzkaller.tkkQTx", 0777 [pid 5026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5024] <... chmod resumed>) = 0 [pid 5023] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5023] close(3) = 0 [pid 5026] <... clone3 resumed> => {parent_tid=[5029]}, 88) = 5029 [pid 5024] chdir("./syzkaller.tkkQTx" [pid 5025] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5026] rt_sigprocmask(SIG_SETMASK, [], [pid 5024] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5028 attached [pid 5027] write(3, "1000", 4 [pid 5026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5024] mkdir("./0", 0777 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] set_robust_list(0x5555567656a0, 24 [pid 5027] <... write resumed>) = 4 [pid 5025] <... openat resumed>) = 3 [pid 5026] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... set_robust_list resumed>) = 0 [pid 5027] close(3 [pid 5023] <... clone resumed>, child_tidptr=0x555556765690) = 5030 [pid 5026] <... futex resumed>) = 0 [pid 5028] chdir("./0" [pid 5027] <... close resumed>) = 0 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5024] <... mkdir resumed>) = 0 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5029 attached [pid 5028] <... chdir resumed>) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... futex resumed>) = 0 [pid 5029] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] <... symlink resumed>) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5024] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5030 attached [pid 5029] <... rseq resumed>) = 0 [pid 5028] <... prctl resumed>) = 0 [pid 5027] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] close(3 [pid 5026] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5030] set_robust_list(0x5555567656a0, 24 [pid 5029] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5028] setpgid(0, 0 [pid 5027] <... futex resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5026] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5024] <... openat resumed>) = 3 [pid 5030] <... set_robust_list resumed>) = 0 [pid 5029] <... set_robust_list resumed>) = 0 [pid 5028] <... setpgid resumed>) = 0 [pid 5027] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] chdir("./0" [pid 5029] rt_sigprocmask(SIG_SETMASK, [], [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5026] <... mprotect resumed>) = 0 [pid 5024] ioctl(3, LOOP_CLR_FD [pid 5030] <... chdir resumed>) = 0 [pid 5029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] memfd_create("syzkaller", 0 [pid 5028] write(3, "1000", 4 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5024] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5032 attached [pid 5030] <... prctl resumed>) = 0 [pid 5029] <... memfd_create resumed>) = 3 [pid 5028] <... write resumed>) = 4 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5025] <... clone resumed>, child_tidptr=0x555556765690) = 5032 [pid 5026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5024] close(3 [pid 5032] set_robust_list(0x5555567656a0, 24 [pid 5030] setpgid(0, 0 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5028] close(3 [pid 5027] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5024] <... close resumed>) = 0 [pid 5032] <... set_robust_list resumed>) = 0 [pid 5030] <... setpgid resumed>) = 0 [pid 5029] <... mmap resumed>) = 0x7fc1373ab000 [pid 5028] <... close resumed>) = 0 [pid 5027] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached [pid 5032] chdir("./0" [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5028] symlink("/dev/binderfs", "./binderfs" [pid 5027] <... mprotect resumed>) = 0 [pid 5026] <... clone3 resumed> => {parent_tid=[5033]}, 88) = 5033 [pid 5033] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5032] <... chdir resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5029] <... write resumed>) = 262144 [pid 5028] <... symlink resumed>) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] rt_sigprocmask(SIG_SETMASK, [], [pid 5024] <... clone resumed>, child_tidptr=0x555556765690) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5033] <... rseq resumed>) = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5030] write(3, "1000", 4 [pid 5029] munmap(0x7fc1373ab000, 262144 [pid 5028] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] set_robust_list(0x5555567656a0, 24 [pid 5033] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5032] <... prctl resumed>) = 0 [pid 5030] <... write resumed>) = 4 [pid 5029] <... munmap resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5026] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5033] <... set_robust_list resumed>) = 0 [pid 5032] setpgid(0, 0 [pid 5030] close(3 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5028] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5026] <... futex resumed>) = 0 [pid 5034] chdir("./0" [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] <... setpgid resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5029] <... openat resumed>) = 4 [pid 5028] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5027] <... clone3 resumed> => {parent_tid=[5035]}, 88) = 5035 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5034] <... chdir resumed>) = 0 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 55.054732][ T5029] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5029 'syz-executor143' [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5030] symlink("/dev/binderfs", "./binderfs" [pid 5029] ioctl(4, LOOP_SET_FD, 3 [pid 5028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5033] memfd_create("syzkaller", 0 [pid 5032] <... openat resumed>) = 3 [pid 5030] <... symlink resumed>) = 0 [pid 5028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... prctl resumed>) = 0 [pid 5033] <... memfd_create resumed>) = 5 [pid 5032] write(3, "1000", 4 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5035 attached [pid 5034] setpgid(0, 0 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5032] <... write resumed>) = 4 [pid 5030] <... futex resumed>) = 0 [pid 5028] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5027] <... futex resumed>) = 0 [pid 5035] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5034] <... setpgid resumed>) = 0 [pid 5033] <... mmap resumed>) = 0x7fc12efeb000 [pid 5032] close(3 [pid 5030] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5028] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... rseq resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5032] <... close resumed>) = 0 [pid 5035] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5032] symlink("/dev/binderfs", "./binderfs" [pid 5035] <... set_robust_list resumed>) = 0 [pid 5034] <... openat resumed>) = 3 [pid 5033] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5032] <... symlink resumed>) = 0 [pid 5030] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5028] <... mprotect resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] write(3, "1000", 4 [pid 5032] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5029] <... ioctl resumed>) = 0 [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... write resumed>) = 4 [pid 5032] <... futex resumed>) = 0 [pid 5030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] close(3 [pid 5028] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5035] memfd_create("syzkaller", 0 [pid 5034] close(3 [pid 5033] <... write resumed>) = 262144 [pid 5032] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... close resumed>) = 0 [pid 5028] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5027] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5035] <... memfd_create resumed>) = 3 [pid 5034] <... close resumed>) = 0 [pid 5033] munmap(0x7fc12efeb000, 262144 [pid 5032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5030] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5029] mkdir("./file0", 0777 [pid 5028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5027] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5034] symlink("/dev/binderfs", "./binderfs" [pid 5033] <... munmap resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5030] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5027] <... mprotect resumed>) = 0 [pid 5035] <... mmap resumed>) = 0x7fc1373ab000 [pid 5034] <... symlink resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5030] <... mprotect resumed>) = 0 [pid 5029] <... mkdir resumed>) = 0 [pid 5028] <... clone3 resumed> => {parent_tid=[5036]}, 88) = 5036 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5034] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... openat resumed>) = 3 [pid 5030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5028] rt_sigprocmask(SIG_SETMASK, [], [pid 5027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5033] ioctl(3, LOOP_SET_FD, 5 [pid 5030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5033] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5028] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5033] ioctl(3, LOOP_CLR_FD [pid 5028] <... futex resumed>) = 0 [pid 5027] <... clone3 resumed> => {parent_tid=[5037]}, 88) = 5037 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5033] <... ioctl resumed>) = 0 [pid 5030] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] rt_sigprocmask(SIG_SETMASK, [], [pid 5028] <... futex resumed>) = 0 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5036 attached [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5034] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5028] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5027] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5037 attached [pid 5036] <... rseq resumed>) = 0 [pid 5034] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5033] ioctl(3, LOOP_SET_FD, 5 [pid 5030] <... futex resumed>) = 0 [pid 5028] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5037] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5036] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5035] <... write resumed>) = 262144 [pid 5034] <... mprotect resumed>) = 0 [pid 5033] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5032] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5030] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... mprotect resumed>) = 0 [pid 5037] <... rseq resumed>) = 0 [pid 5036] <... set_robust_list resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5033] close(3 [pid 5032] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5030] <... futex resumed>) = 0 [pid 5028] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5037] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] munmap(0x7fc1373ab000, 262144 [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] <... close resumed>) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5028] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] <... munmap resumed>) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5033] close(5 [pid 5032] <... mprotect resumed>) = 0 [pid 5030] <... mmap resumed>) = 0x7fc13f7ab000 [ 55.099959][ T5029] loop0: detected capacity change from 0 to 512 [pid 5028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] memfd_create("syzkaller", 0 [pid 5035] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5033] <... close resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5030] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5036] <... memfd_create resumed>) = 3 [pid 5035] <... openat resumed>) = 4 [pid 5034] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [pid 5033] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5030] <... mprotect resumed>) = 0 [pid 5028] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5037] memfd_create("syzkaller", 0 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5035] ioctl(4, LOOP_SET_FD, 3 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] <... futex resumed>) = 1 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5028] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... futex resumed>) = 0 [pid 5037] <... memfd_create resumed>) = 5 [pid 5036] <... mmap resumed>) = 0x7fc1373ab000 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5040 attached [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5034] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5039 attached [pid 5040] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5037] <... mmap resumed>) = 0x7fc12efeb000 [pid 5036] <... write resumed>) = 262144 [pid 5034] <... futex resumed>) = 0 [pid 5033] creat("./bus", 000 [pid 5028] <... futex resumed>) = 0 [pid 5040] <... rseq resumed>) = 0 [pid 5039] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5037] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5036] munmap(0x7fc1373ab000, 262144 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... creat resumed>) = 3 [pid 5032] <... clone3 resumed> => {parent_tid=[5041]}, 88) = 5041 [pid 5030] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5026] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5041 attached [pid 5040] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5039] <... rseq resumed>) = 0 [pid 5037] <... write resumed>) = 262144 [pid 5036] <... munmap resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5033] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] <... set_robust_list resumed>) = 0 [pid 5039] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5037] munmap(0x7fc12efeb000, 262144 [pid 5036] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] <... futex resumed>) = 0 [pid 5030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5038 attached [pid 5041] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] <... set_robust_list resumed>) = 0 [pid 5037] <... munmap resumed>) = 0 [pid 5036] <... openat resumed>) = 4 [pid 5035] <... ioctl resumed>) = 0 [pid 5034] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5033] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 5042 attached [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5036] ioctl(4, LOOP_SET_FD, 3 [pid 5034] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5032] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5041] <... rseq resumed>) = 0 [pid 5040] memfd_create("syzkaller", 0 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5037] <... openat resumed>) = 6 [pid 5035] close(3 [pid 5034] <... mprotect resumed>) = 0 [pid 5030] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] <... rseq resumed>) = 0 [pid 5040] <... memfd_create resumed>) = 5 [pid 5039] memfd_create("syzkaller", 0 [pid 5037] ioctl(6, LOOP_SET_FD, 5 [pid 5036] <... ioctl resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5033] <... futex resumed>) = 0 [pid 5032] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 1 [pid 5041] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5038] <... rseq resumed>) = 0 [pid 5042] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5039] <... memfd_create resumed>) = 3 [pid 5038] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5037] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5036] close(3 [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5032] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... set_robust_list resumed>) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] <... mmap resumed>) = 0x7fc12efeb000 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] ioctl(6, LOOP_CLR_FD [pid 5036] <... close resumed>) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5033] <... mount resumed>) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5039] <... mmap resumed>) = 0x7fc1373ab000 [pid 5037] <... ioctl resumed>) = 0 [pid 5036] mkdir("./file0", 0777 [pid 5033] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] <... write resumed>) = 262144 [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5036] <... mkdir resumed>) = 0 [pid 5034] <... clone3 resumed> => {parent_tid=[5046]}, 88) = 5046 [pid 5033] <... futex resumed>) = 0 [pid 5042] memfd_create("syzkaller", 0 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] munmap(0x7fc12efeb000, 262144 [pid 5039] <... write resumed>) = 262144 [pid 5038] <... set_robust_list resumed>) = 0 [pid 5036] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5035] <... close resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] <... memfd_create resumed>) = 3 [pid 5041] memfd_create("syzkaller", 0 [pid 5040] <... munmap resumed>) = 0 [pid 5039] munmap(0x7fc1373ab000, 262144 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5041] <... memfd_create resumed>) = 3 [pid 5040] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5039] <... munmap resumed>) = 0 [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] ioctl(6, LOOP_SET_FD, 5 [pid 5035] mkdir("./file0", 0777 [pid 5034] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5026] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5046 attached [pid 5042] <... mmap resumed>) = 0x7fc1373ab000 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5040] <... openat resumed>) = 3 [pid 5039] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5038] memfd_create("syzkaller", 0 [pid 5037] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5034] <... futex resumed>) = 0 [pid 5046] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 55.151485][ T5035] loop1: detected capacity change from 0 to 512 [ 55.172363][ T5036] loop2: detected capacity change from 0 to 512 [ 55.183481][ T5029] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5041] <... mmap resumed>) = 0x7fc1373ab000 [pid 5040] ioctl(3, LOOP_SET_FD, 5 [pid 5039] <... openat resumed>) = 4 [pid 5037] close(6 [pid 5035] <... mkdir resumed>) = 0 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] <... memfd_create resumed>) = 4 [pid 5033] <... futex resumed>) = 0 [pid 5032] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5026] <... futex resumed>) = 1 [pid 5046] <... rseq resumed>) = 0 [pid 5042] <... write resumed>) = 262144 [pid 5040] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5039] ioctl(4, LOOP_SET_FD, 3 [pid 5037] <... close resumed>) = 0 [pid 5033] write(-1, NULL, 0 [pid 5046] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5042] munmap(0x7fc1373ab000, 262144 [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5040] ioctl(3, LOOP_CLR_FD [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] close(5 [pid 5035] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5033] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5032] <... mprotect resumed>) = 0 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... set_robust_list resumed>) = 0 [pid 5042] <... munmap resumed>) = 0 [pid 5040] <... ioctl resumed>) = 0 [pid 5039] <... ioctl resumed>) = 0 [pid 5037] <... close resumed>) = 0 [pid 5033] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5041] <... write resumed>) = 262144 [pid 5039] close(3 [pid 5038] <... mmap resumed>) = 0x7fc12efeb000 [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] <... openat resumed>) = 5 [pid 5039] <... close resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5033] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... futex resumed>) = 0 [pid 5046] memfd_create("syzkaller", 0 [pid 5042] ioctl(5, LOOP_SET_FD, 3 [pid 5039] mkdir("./file0", 0777 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... memfd_create resumed>) = 3 [pid 5042] <... ioctl resumed>) = 0 [pid 5041] munmap(0x7fc1373ab000, 262144 [pid 5040] ioctl(3, LOOP_SET_FD, 5 [pid 5039] <... mkdir resumed>) = 0 [pid 5038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [ 55.214682][ T5029] ext4 filesystem being mounted at /root/syzkaller.zsJsgQ/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.229211][ T5039] loop4: detected capacity change from 0 to 512 [ 55.245005][ T5042] loop3: detected capacity change from 0 to 512 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5042] close(3 [pid 5040] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5039] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5037] creat("./bus", 000 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... mmap resumed>) = 0x7fc12efeb000 [pid 5042] <... close resumed>) = 0 [pid 5041] <... munmap resumed>) = 0 [pid 5040] close(3 [pid 5038] <... write resumed>) = 262144 [pid 5037] <... creat resumed>) = 3 [pid 5033] <... futex resumed>) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5026] <... futex resumed>) = 1 [pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5042] mkdir("./file0", 0777 [pid 5041] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5040] <... close resumed>) = 0 [pid 5038] munmap(0x7fc12efeb000, 262144 [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5046] <... write resumed>) = 262144 [pid 5042] <... mkdir resumed>) = 0 [pid 5040] close(5 [pid 5041] <... openat resumed>) = 4 [pid 5037] <... futex resumed>) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] munmap(0x7fc12efeb000, 262144 [pid 5042] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5040] <... close resumed>) = 0 [pid 5038] <... munmap resumed>) = 0 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... open resumed>) = 5 [pid 5032] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5051 attached [pid 5046] <... munmap resumed>) = 0 [pid 5041] ioctl(4, LOOP_SET_FD, 3 [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5027] <... futex resumed>) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5040] <... futex resumed>) = 1 [pid 5037] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... openat resumed>) = 5 [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... mount resumed>) = 0 [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] ioctl(5, LOOP_SET_FD, 3 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5046] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5040] creat("./bus", 000 [pid 5037] <... futex resumed>) = 1 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5046] ioctl(5, LOOP_CLR_FD [pid 5040] <... creat resumed>) = 3 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... mount resumed>) = 0 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... ioctl resumed>) = 0 [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5027] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5037] write(-1, NULL, 0 [pid 5029] <... openat resumed>) = 6 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5029] chdir("./file0" [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... chdir resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5051] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5046] ioctl(5, LOOP_SET_FD, 3 [pid 5041] <... ioctl resumed>) = 0 [ 55.258288][ T5036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.293721][ T5041] loop5: detected capacity change from 0 to 512 [ 55.300098][ T5036] ext4 filesystem being mounted at /root/syzkaller.q4tRVh/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5040] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5038] <... openat resumed>) = 3 [pid 5037] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 1 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] ioctl(4, LOOP_CLR_FD [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 0 [pid 5046] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5040] <... mount resumed>) = 0 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... ioctl resumed>) = 0 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] close(5 [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] close(4 [pid 5027] <... futex resumed>) = 0 [pid 5046] <... close resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5029] <... close resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] close(3 [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... open resumed>) = 5 [pid 5029] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... close resumed>) = 0 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5046] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] write(-1, NULL, 0 [pid 5037] <... futex resumed>) = 1 [pid 5029] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5046] <... futex resumed>) = 1 [pid 5040] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] <... futex resumed>) = 1 [pid 5037] write(5, "\xc4", 1 [pid 5034] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] creat("./bus", 000 [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... write resumed>) = 1 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... creat resumed>) = 3 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5046] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5037] <... futex resumed>) = 1 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5046] <... futex resumed>) = 1 [pid 5040] <... open resumed>) = 5 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5051] <... rseq resumed>) = 0 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] close(3 [pid 5040] <... futex resumed>) = 1 [pid 5038] ioctl(3, LOOP_SET_FD, 4 [pid 5037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5034] <... futex resumed>) = 0 [pid 5033] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5046] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5041] <... close resumed>) = 0 [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5037] <... open resumed>) = 6 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 0 [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5051] <... set_robust_list resumed>) = 0 [pid 5046] <... mount resumed>) = 0 [pid 5041] mkdir("./file0", 0777 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] write(5, "\xc4", 1 [pid 5028] <... futex resumed>) = 0 [pid 5046] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] write(5, "\xc4", 1 [pid 5038] ioctl(3, LOOP_CLR_FD [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] <... futex resumed>) = 1 [pid 5032] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] <... write resumed>) = 1 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] <... futex resumed>) = 1 [pid 5041] <... mkdir resumed>) = 0 [pid 5040] <... write resumed>) = 1 [pid 5038] <... ioctl resumed>) = 0 [pid 5037] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5029] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [ 55.316411][ T5035] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.333409][ T5039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.346186][ T5042] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5027] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] memfd_create("syzkaller", 0 [pid 5046] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... mount resumed>) = 0 [pid 5041] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... mount resumed>) = 0 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... mount resumed>) = 0 [pid 5034] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... memfd_create resumed>) = 3 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5040] <... futex resumed>) = 1 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5037] sendfile(5, 6, NULL, 281474978811909 [pid 5036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5034] <... futex resumed>) = 0 [pid 5029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... futex resumed>) = 0 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5046] write(-1, NULL, 0 [pid 5042] <... openat resumed>) = 6 [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... openat resumed>) = 5 [pid 5038] ioctl(3, LOOP_SET_FD, 4 [pid 5036] <... openat resumed>) = 6 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... mmap resumed>) = 0x7fc12efeb000 [pid 5046] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5042] chdir("./file0" [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] chdir("./file0" [pid 5038] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5036] chdir("./file0" [ 55.370571][ T5035] ext4 filesystem being mounted at /root/syzkaller.Z0xSQI/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.384164][ T5039] ext4 filesystem being mounted at /root/syzkaller.tkkQTx/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.396923][ T5042] ext4 filesystem being mounted at /root/syzkaller.XFPE47/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5028] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5046] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... chdir resumed>) = 0 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5039] <... chdir resumed>) = 0 [pid 5038] close(3 [pid 5036] <... chdir resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5051] <... write resumed>) = 262144 [pid 5046] <... futex resumed>) = 1 [pid 5042] ioctl(5, LOOP_CLR_FD [pid 5039] ioctl(4, LOOP_CLR_FD [pid 5038] <... close resumed>) = 0 [pid 5036] ioctl(4, LOOP_CLR_FD [pid 5034] <... futex resumed>) = 0 [pid 5029] <... open resumed>) = 4 [pid 5051] munmap(0x7fc12efeb000, 262144 [pid 5046] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... ioctl resumed>) = 0 [pid 5039] <... ioctl resumed>) = 0 [pid 5038] close(4 [pid 5036] <... ioctl resumed>) = 0 [pid 5034] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... munmap resumed>) = 0 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] close(5 [pid 5040] <... open resumed>) = 7 [pid 5039] close(4 [pid 5038] <... close resumed>) = 0 [pid 5036] close(4 [pid 5034] <... futex resumed>) = 0 [pid 5029] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5042] <... close resumed>) = 0 [pid 5039] <... close resumed>) = 0 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... close resumed>) = 0 [pid 5034] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... openat resumed>) = 5 [pid 5042] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5036] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] ioctl(5, LOOP_SET_FD, 3 [pid 5042] <... futex resumed>) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5038] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... futex resumed>) = 0 [pid 5051] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5042] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... futex resumed>) = 0 [pid 5051] ioctl(5, LOOP_CLR_FD [pid 5046] <... open resumed>) = 4 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 1 [ 55.433728][ T27] audit: type=1800 audit(1692814051.104:2): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor143" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5026] <... futex resumed>) = 0 [pid 5051] <... ioctl resumed>) = 0 [pid 5046] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 1 [pid 5029] sendfile(5, 4, NULL, 281474978811909 [pid 5027] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5026] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 1 [pid 5040] <... futex resumed>) = 1 [pid 5038] creat("./bus", 000 [pid 5034] <... futex resumed>) = 0 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 0 [pid 5051] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5034] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5029] <... sendfile resumed>) = 0 [pid 5028] <... futex resumed>) = 1 [pid 5051] close(5 [pid 5039] write(4, "\xc4", 1 [pid 5036] sendfile(5, 7, NULL, 281474978811909 [pid 5034] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... close resumed>) = 0 [pid 5051] close(3) = 0 [pid 5051] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... sendfile resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5051] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... creat resumed>) = 3 [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5029] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5051] creat("./bus", 000 [pid 5046] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... write resumed>) = 1 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5028] exit_group(0 [pid 5026] <... futex resumed>) = 0 [pid 5051] <... creat resumed>) = 3 [pid 5040] <... futex resumed>) = ? [pid 5039] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = ? [pid 5030] <... futex resumed>) = 0 [pid 5029] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... exit_group resumed>) = ? [pid 5026] exit_group(0 [pid 5051] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] +++ exited with 0 +++ [pid 5033] <... futex resumed>) = ? [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... exit_group resumed>) = ? [pid 5051] <... futex resumed>) = 1 [pid 5038] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5033] +++ exited with 0 +++ [pid 5032] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5029] <... futex resumed>) = ? [pid 5051] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... mount resumed>) = 0 [pid 5032] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [ 55.471828][ T5041] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.473862][ T27] audit: type=1800 audit(1692814051.134:3): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor143" name="bus" dev="loop2" ino=18 res=0 errno=0 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] +++ exited with 0 +++ [pid 5039] <... futex resumed>) = 1 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... mount resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 5051] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5041] <... mount resumed>) = 0 [pid 5039] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... futex resumed>) = 0 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5034] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5051] <... mount resumed>) = 0 [pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] write(-1, NULL, 0 [pid 5035] <... openat resumed>) = 7 [pid 5034] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5022] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5051] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... openat resumed>) = 5 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5038] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5035] chdir("./file0" [pid 5034] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5051] <... futex resumed>) = 1 [pid 5041] chdir("./file0" [pid 5039] <... open resumed>) = 6 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... chdir resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5020] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5051] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... chdir resumed>) = 0 [pid 5039] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5035] ioctl(4, LOOP_CLR_FD [pid 5032] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] ioctl(4, LOOP_CLR_FD [pid 5039] <... futex resumed>) = 1 [pid 5038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5035] <... ioctl resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [ 55.528483][ T5041] ext4 filesystem being mounted at /root/syzkaller.WStBqc/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5022] <... openat resumed>) = 3 [pid 5020] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5051] write(-1, NULL, 0 [pid 5041] <... ioctl resumed>) = 0 [pid 5039] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... open resumed>) = 4 [pid 5035] close(4 [pid 5034] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 3 [pid 5051] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5041] close(4 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] <... close resumed>) = 0 [pid 5020] newfstatat(3, "", [pid 5051] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... close resumed>) = 0 [pid 5035] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5041] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5020] getdents64(3, [pid 5051] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = 0 [pid 5035] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5032] <... futex resumed>) = 0 [pid 5020] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5032] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... umount2 resumed>) = 0 [pid 5020] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5020] unlink("./0/bus") = 0 [pid 5020] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] <... futex resumed>) = 0 [pid 5022] newfstatat(3, "", [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5020] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5039] sendfile(4, 6, NULL, 281474978811909 [pid 5034] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] unlink("./0/binderfs") = 0 [pid 5020] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] getdents64(3, [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5022] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5038] <... futex resumed>) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] write(4, "\xc4", 1 [pid 5030] <... futex resumed>) = 0 [pid 5038] <... write resumed>) = 1 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 0 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5041] <... open resumed>) = 4 [pid 5038] <... open resumed>) = 5 [pid 5039] <... sendfile resumed>) = 1 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5041] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] sendfile(4, 5, NULL, 281474978811909 [pid 5030] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5041] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5041] write(4, "\xc4", 1 [pid 5039] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5022] <... umount2 resumed>) = 0 [pid 5041] <... write resumed>) = 1 [pid 5039] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... sendfile resumed>) = 262143 [pid 5034] exit_group(0 [pid 5022] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5046] <... futex resumed>) = ? [pid 5041] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = ? [pid 5037] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... exit_group resumed>) = ? [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5046] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 5041] <... futex resumed>) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5027] exit_group(0 [pid 5024] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5022] newfstatat(AT_FDCWD, "./0/bus", [pid 5041] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = ? [pid 5032] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... exit_group resumed>) = ? [pid 5024] restart_syscall(<... resuming interrupted clone ...> [pid 5022] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ [pid 5032] <... futex resumed>) = 0 [pid 5024] <... restart_syscall resumed>) = 0 [pid 5041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5032] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] +++ exited with 0 +++ [pid 5022] unlink("./0/bus" [pid 5041] <... open resumed>) = 6 [pid 5022] <... unlink resumed>) = 0 [pid 5041] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5041] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... openat resumed>) = 3 [pid 5021] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5024] newfstatat(3, "", [pid 5021] <... openat resumed>) = 3 [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5021] newfstatat(3, "", [pid 5024] getdents64(3, [pid 5021] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5041] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5024] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5022] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5021] getdents64(3, [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5024] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5021] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5041] sendfile(4, 6, NULL, 281474978811909 [pid 5032] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] unlink("./0/binderfs" [pid 5021] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... unlink resumed>) = 0 [pid 5022] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] <... sendfile resumed>) = 1 [pid 5041] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5041] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0 [pid 5051] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5024] <... umount2 resumed>) = 0 [pid 5024] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5024] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5024] unlink("./0/bus" [pid 5032] +++ exited with 0 +++ [pid 5024] <... unlink resumed>) = 0 [pid 5021] <... umount2 resumed>) = 0 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5024] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 55.628845][ T5020] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5024] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5021] newfstatat(AT_FDCWD, "./0/bus", [pid 5025] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5021] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] unlink("./0/binderfs" [pid 5021] unlink("./0/bus" [pid 5025] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5024] <... unlink resumed>) = 0 [pid 5021] <... unlink resumed>) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5024] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] newfstatat(3, "", [pid 5021] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5021] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5025] getdents64(3, [pid 5021] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5021] unlink("./0/binderfs" [pid 5025] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] <... unlink resumed>) = 0 [pid 5021] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./0/bus") = 0 [pid 5025] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./0/binderfs") = 0 [ 55.688285][ T5022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.703615][ T5024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5025] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] <... umount2 resumed>) = 0 [pid 5020] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5020] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5020] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5020] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5020] close(4) = 0 [pid 5020] rmdir("./0/file0" [pid 5022] <... umount2 resumed>) = 0 [pid 5038] <... sendfile resumed>) = 262143 [pid 5038] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5038] <... futex resumed>) = 0 [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] exit_group(0 [pid 5042] <... futex resumed>) = ? [pid 5030] <... exit_group resumed>) = ? [pid 5042] +++ exited with 0 +++ [ 55.731911][ T5025] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5022] newfstatat(AT_FDCWD, "./0/file0", [pid 5024] <... umount2 resumed>) = 0 [pid 5024] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] <... rmdir resumed>) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5020] getdents64(3, [pid 5024] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5020] close(3 [pid 5024] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5020] <... close resumed>) = 0 [pid 5024] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] rmdir("./0" [pid 5024] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5020] <... rmdir resumed>) = 0 [pid 5024] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5020] mkdir("./1", 0777 [pid 5024] close(4) = 0 [pid 5020] <... mkdir resumed>) = 0 [pid 5024] rmdir("./0/file0") = 0 [pid 5024] getdents64(3, [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5024] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5024] close(3 [pid 5020] <... openat resumed>) = 3 [pid 5024] <... close resumed>) = 0 [pid 5020] ioctl(3, LOOP_CLR_FD [pid 5024] rmdir("./0" [pid 5020] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5024] <... rmdir resumed>) = 0 [pid 5024] mkdir("./1", 0777 [pid 5020] close(3 [pid 5024] <... mkdir resumed>) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5020] <... close resumed>) = 0 [pid 5024] <... openat resumed>) = 3 [pid 5024] ioctl(3, LOOP_CLR_FD [pid 5020] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5024] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5024] close(3) = 0 [pid 5020] <... clone resumed>, child_tidptr=0x555556765690) = 5064 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5065 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555567656a0, 24) = 0 [pid 5064] chdir("./1") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 5065 attached NULL, 8) = 0 [pid 5065] set_robust_list(0x5555567656a0, 24 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5065] chdir("./1" [pid 5064] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... chdir resumed>) = 0 [pid 5064] <... mprotect resumed>) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... prctl resumed>) = 0 [pid 5064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] setpgid(0, 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5022] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... setpgid resumed>) = 0 [pid 5038] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone3 resumed> => {parent_tid=[5066]}, 88) = 5066 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], [pid 5022] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] write(3, "1000", 4 [pid 5064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... write resumed>) = 4 [pid 5064] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5064] <... futex resumed>) = 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... futex resumed>) = 0 [pid 5023] <... openat resumed>) = 3 [pid 5065] <... symlink resumed>) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5023] newfstatat(3, "", [pid 5065] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5064] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5023] getdents64(3, [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5064] <... mprotect resumed>) = 0 [pid 5023] <... getdents64 resumed>0x555556766730 /* 4 entries */, 32768) = 112 [pid 5065] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5023] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5066 attached [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5023] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5066] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5023] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rseq resumed>) = 0 [pid 5065] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5064] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5023] unlink("./0/binderfs" [pid 5066] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5065] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5064] rt_sigprocmask(SIG_SETMASK, [], [pid 5023] <... unlink resumed>) = 0 [pid 5022] <... openat resumed>) = 4 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... mprotect resumed>) = 0 [pid 5064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5023] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] newfstatat(4, "", [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... futex resumed>) = 0 [pid 5066] memfd_create("syzkaller", 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... memfd_create resumed>) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5066] <... mmap resumed>) = 0x7fc1373ab000 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... write resumed>) = 262144 [pid 5065] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5022] getdents64(4, [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5067 attached [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5022] getdents64(4, [pid 5067] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5065] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5022] <... getdents64 resumed>0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5067] <... rseq resumed>) = 0 [pid 5066] munmap(0x7fc1373ab000, 262144 [pid 5065] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5022] close(4./strace-static-x86_64: Process 5068 attached [pid 5067] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5066] <... munmap resumed>) = 0 [pid 5065] <... mprotect resumed>) = 0 [pid 5022] <... close resumed>) = 0 [pid 5068] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5022] rmdir("./0/file0" [pid 5068] <... rseq resumed>) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... openat resumed>) = 4 [pid 5065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5068] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(4, LOOP_SET_FD, 3 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5068] <... set_robust_list resumed>) = 0 [ 55.809566][ T5021] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.838887][ T5066] loop0: detected capacity change from 0 to 512 [pid 5067] memfd_create("syzkaller", 0 [pid 5022] <... rmdir resumed>) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... memfd_create resumed>) = 5 [pid 5065] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] memfd_create("syzkaller", 0 [pid 5067] <... mmap resumed>) = 0x7fc12efeb000 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5022] getdents64(3, [pid 5068] <... memfd_create resumed>) = 3 [pid 5067] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... write resumed>) = 262144 [pid 5065] <... futex resumed>) = 0 [pid 5022] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5068] <... mmap resumed>) = 0x7fc1373ab000 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5069 attached [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5067] munmap(0x7fc12efeb000, 262144 [pid 5022] close(3 [pid 5069] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5068] <... write resumed>) = 262144 [pid 5067] <... munmap resumed>) = 0 [pid 5069] <... rseq resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5067] <... openat resumed>) = 6 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5068] munmap(0x7fc1373ab000, 262144 [pid 5067] ioctl(6, LOOP_SET_FD, 5 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] <... munmap resumed>) = 0 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] memfd_create("syzkaller", 0) = 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... openat resumed>) = 5 [pid 5069] <... mmap resumed>) = 0x7fc12efeb000 [pid 5068] ioctl(5, LOOP_SET_FD, 3 [pid 5069] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5068] <... ioctl resumed>) = 0 [pid 5022] <... close resumed>) = 0 [pid 5022] rmdir("./0") = 0 [pid 5022] mkdir("./1", 0777 [pid 5069] <... write resumed>) = 262144 [pid 5022] <... mkdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD [pid 5069] munmap(0x7fc12efeb000, 262144 [pid 5022] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5070 [pid 5067] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5067] ioctl(6, LOOP_CLR_FD) = 0 [pid 5069] <... munmap resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 5066] <... ioctl resumed>) = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5069] ioctl(6, LOOP_SET_FD, 4 [pid 5067] ioctl(6, LOOP_SET_FD, 5 [pid 5069] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5067] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] close(3 [pid 5069] ioctl(6, LOOP_CLR_FD [pid 5067] close(6 [pid 5066] <... close resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] mkdir("./file0", 0777./strace-static-x86_64: Process 5070 attached [pid 5067] close(5 [pid 5066] <... mkdir resumed>) = 0 [pid 5070] set_robust_list(0x5555567656a0, 24 [pid 5067] <... close resumed>) = 0 [pid 5066] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5070] <... set_robust_list resumed>) = 0 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] chdir("./1" [pid 5069] ioctl(6, LOOP_SET_FD, 4 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] <... chdir resumed>) = 0 [pid 5069] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] close(6 [pid 5068] close(3 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5070] <... prctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] creat("./bus", 000 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] setpgid(0, 0 [pid 5069] close(4 [pid 5068] mkdir("./file0", 0777 [pid 5067] <... creat resumed>) = 3 [pid 5070] <... setpgid resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5025] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... openat resumed>) = 3 [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] write(3, "1000", 4 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... write resumed>) = 4 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] newfstatat(AT_FDCWD, "./0/file0", [pid 5070] close(3 [pid 5069] creat("./bus", 000 [pid 5067] <... mount resumed>) = 0 [ 55.857119][ T5023] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.865863][ T5068] loop4: detected capacity change from 0 to 512 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] <... close resumed>) = 0 [pid 5069] <... creat resumed>) = 3 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] symlink("/dev/binderfs", "./binderfs" [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] <... symlink resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] write(-1, NULL, 0 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... openat resumed>) = 4 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5069] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5067] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5069] <... mount resumed>) = 0 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] newfstatat(4, "", [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5070] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] getdents64(4, [pid 5070] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5069] write(-1, NULL, 0 [pid 5067] <... open resumed>) = 5 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... mprotect resumed>) = 0 [pid 5069] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] write(5, "\xc4", 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5069] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5067] <... write resumed>) = 1 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] <... open resumed>) = 4 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5070] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5069] write(4, "\xc4", 1 [pid 5067] <... open resumed>) = 6 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] <... write resumed>) = 1 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5070] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5069] <... futex resumed>) = 1 [pid 5067] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... mprotect resumed>) = 0 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] sendfile(5, 6, NULL, 281474978811909 [pid 5065] <... futex resumed>) = 0 [ 55.926345][ T5023] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5718: Out of memory [ 55.926598][ T5021] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5718: Out of memory [ 55.951329][ T5066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5064] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5069] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5069] <... open resumed>) = 6 [pid 5025] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5070] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] rmdir("./0/file0" [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] <... futex resumed>) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5025] getdents64(3, ./strace-static-x86_64: Process 5076 attached 0x555556766730 /* 0 entries */, 32768) = 0 [pid 5076] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5025] close(3 [pid 5076] <... rseq resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5076] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5025] rmdir("./0" [pid 5076] <... set_robust_list resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5025] mkdir("./1", 0777 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... mkdir resumed>) = 0 [pid 5076] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 55.974538][ T5068] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.005499][ T5023] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #4: comm syz-executor143: mark_inode_dirty error [pid 5025] close(3./strace-static-x86_64: Process 5075 attached [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... mount resumed>) = 0 [pid 5065] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] <... close resumed>) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5075] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5070] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... futex resumed>) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555556765690) = 5077 [pid 5077] set_robust_list(0x5555567656a0, 24 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... rseq resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5069] sendfile(4, 6, NULL, 281474978811909 [pid 5066] <... openat resumed>) = 7 [pid 5065] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0 [pid 5075] set_robust_list(0x7fc13f7ec9a0, 24 [ 56.018998][ T5021] EXT4-fs error (device loop1): ext4_quota_off:7107: inode #4: comm syz-executor143: mark_inode_dirty error [ 56.019027][ T5066] ext4 filesystem being mounted at /root/syzkaller.zsJsgQ/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.049784][ T5068] ext4 filesystem being mounted at /root/syzkaller.tkkQTx/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5070] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] <... memfd_create resumed>) = 3 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5066] chdir("./file0" [pid 5077] chdir("./1" [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... chdir resumed>) = 0 [pid 5077] <... chdir resumed>) = 0 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(4, LOOP_CLR_FD [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] memfd_create("syzkaller", 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5077] <... prctl resumed>) = 0 [pid 5075] <... memfd_create resumed>) = 4 [pid 5066] close(4 [pid 5077] setpgid(0, 0 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 5077] <... setpgid resumed>) = 0 [pid 5076] <... mmap resumed>) = 0x7fc1373ab000 [pid 5075] <... mmap resumed>) = 0x7fc12efab000 [pid 5066] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5075] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5066] <... futex resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... write resumed>) = 262144 [pid 5075] <... write resumed>) = 262144 [pid 5066] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 56.085569][ T5023] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5718: Out of memory [ 56.095148][ T5021] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5718: Out of memory [ 56.104965][ T5021] EXT4-fs error (device loop1): ext4_quota_off:7107: inode #3: comm syz-executor143: mark_inode_dirty error [pid 5077] write(3, "1000", 4 [pid 5075] munmap(0x7fc12efab000, 262144 [pid 5077] <... write resumed>) = 4 [pid 5075] <... munmap resumed>) = 0 [pid 5077] close(3 [pid 5075] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5077] <... close resumed>) = 0 [pid 5075] <... openat resumed>) = 5 [pid 5077] symlink("/dev/binderfs", "./binderfs" [pid 5075] ioctl(5, LOOP_SET_FD, 4 [pid 5077] <... symlink resumed>) = 0 [pid 5076] munmap(0x7fc1373ab000, 262144 [pid 5075] <... ioctl resumed>) = 0 [pid 5067] <... sendfile resumed>) = 262143 [pid 5077] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] close(4 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5076] <... munmap resumed>) = 0 [pid 5075] <... close resumed>) = 0 [pid 5067] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] exit_group(0 [pid 5077] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5075] mkdir("./file0", 0777 [pid 5067] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = ? [pid 5064] <... exit_group resumed>) = ? [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5076] <... openat resumed>) = 4 [pid 5075] <... mkdir resumed>) = 0 [pid 5069] <... sendfile resumed>) = 262143 [pid 5068] <... mount resumed>) = 0 [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] ioctl(4, LOOP_SET_FD, 3 [pid 5075] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5069] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5076] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5069] <... futex resumed>) = 0 [pid 5068] <... openat resumed>) = 7 [pid 5020] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5077] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5076] ioctl(4, LOOP_CLR_FD [pid 5069] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] chdir("./file0" [pid 5020] restart_syscall(<... resuming interrupted clone ...> [ 56.133514][ T5023] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz-executor143: mark_inode_dirty error [ 56.142643][ T5075] loop2: detected capacity change from 0 to 512 [pid 5077] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5076] <... ioctl resumed>) = 0 [pid 5068] <... chdir resumed>) = 0 [pid 5023] <... umount2 resumed>) = 0 [pid 5021] <... umount2 resumed>) = 0 [pid 5020] <... restart_syscall resumed>) = 0 [pid 5077] <... mprotect resumed>) = 0 [pid 5068] ioctl(5, LOOP_CLR_FD [pid 5023] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5068] <... ioctl resumed>) = 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] ioctl(4, LOOP_SET_FD, 3 [pid 5068] close(5 [pid 5023] newfstatat(AT_FDCWD, "./0/file0", [pid 5021] newfstatat(AT_FDCWD, "./0/file0", [pid 5076] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5068] <... close resumed>) = 0 [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5021] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5076] close(4 [pid 5068] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5076] <... close resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5076] close(3 [pid 5068] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5021] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5020] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... close resumed>) = 0 [pid 5065] exit_group(0 [pid 5023] <... openat resumed>) = 4 [pid 5021] <... openat resumed>) = 4 [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] <... clone3 resumed> => {parent_tid=[5080]}, 88) = 5080 [pid 5076] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = ? [pid 5068] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5023] newfstatat(4, "", [pid 5021] newfstatat(4, "", [pid 5020] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5021] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] +++ exited with 0 +++ [pid 5020] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5080 attached [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5020] newfstatat(3, "", [pid 5080] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5077] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5020] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] <... rseq resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5070] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] getdents64(3, [pid 5080] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] creat("./bus", 000 [pid 5024] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] getdents64(4, [pid 5021] getdents64(4, [pid 5020] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5020] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5024] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5024] <... openat resumed>) = 3 [pid 5023] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5021] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5020] <... umount2 resumed>) = 0 [pid 5080] memfd_create("syzkaller", 0 [pid 5077] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5076] <... creat resumed>) = 3 [pid 5075] <... mount resumed>) = 0 [pid 5024] newfstatat(3, "", [pid 5023] getdents64(4, [pid 5021] getdents64(4, [pid 5020] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] <... memfd_create resumed>) = 3 [pid 5077] <... mprotect resumed>) = 0 [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5076] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5024] getdents64(3, [pid 5023] <... getdents64 resumed>0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5021] <... getdents64 resumed>0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5020] newfstatat(AT_FDCWD, "./1/bus", [pid 5080] <... mmap resumed>) = 0x7fc1373ab000 [pid 5077] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5075] <... openat resumed>) = 4 [pid 5070] <... futex resumed>) = 0 [pid 5024] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5020] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] close(4 [pid 5021] close(4 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5070] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] unlink("./1/bus" [pid 5080] <... write resumed>) = 262144 [pid 5076] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5075] chdir("./file0" [pid 5070] <... futex resumed>) = 0 [pid 5024] <... umount2 resumed>) = 0 [pid 5023] <... close resumed>) = 0 [pid 5021] <... close resumed>) = 0 [pid 5020] <... unlink resumed>) = 0 [ 56.180019][ T5075] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.215866][ T5075] ext4 filesystem being mounted at /root/syzkaller.q4tRVh/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5080] munmap(0x7fc1373ab000, 262144 [pid 5077] <... clone3 resumed> => {parent_tid=[5081]}, 88) = 5081 [pid 5070] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... mount resumed>) = 0 [pid 5024] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5081 attached [pid 5080] <... munmap resumed>) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... chdir resumed>) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] rmdir("./0/file0" [pid 5021] rmdir("./0/file0" [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5080] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5075] ioctl(5, LOOP_CLR_FD [pid 5070] <... futex resumed>) = 0 [pid 5024] newfstatat(AT_FDCWD, "./1/bus", [pid 5023] <... rmdir resumed>) = 0 [pid 5021] <... rmdir resumed>) = 0 [pid 5020] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5081] <... rseq resumed>) = 0 [pid 5080] <... openat resumed>) = 4 [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... ioctl resumed>) = 0 [pid 5070] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] getdents64(3, [pid 5021] getdents64(3, [pid 5020] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] close(5 [pid 5070] <... futex resumed>) = 0 [pid 5024] unlink("./1/bus" [pid 5023] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5021] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5020] unlink("./1/binderfs" [pid 5081] <... set_robust_list resumed>) = 0 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] write(-1, NULL, 0 [pid 5075] <... close resumed>) = 0 [pid 5023] close(3 [pid 5021] close(3 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... close resumed>) = 0 [pid 5021] <... close resumed>) = 0 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5023] rmdir("./0" [pid 5021] rmdir("./0" [pid 5081] memfd_create("syzkaller", 0 [pid 5076] <... futex resumed>) = 0 [pid 5075] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... unlink resumed>) = 0 [pid 5023] <... rmdir resumed>) = 0 [pid 5021] <... rmdir resumed>) = 0 [pid 5020] <... unlink resumed>) = 0 [pid 5081] <... memfd_create resumed>) = 5 [pid 5076] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5024] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] mkdir("./1", 0777 [pid 5021] mkdir("./1", 0777 [pid 5020] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] <... mkdir resumed>) = 0 [pid 5021] <... mkdir resumed>) = 0 [pid 5081] <... mmap resumed>) = 0x7fc12efeb000 [pid 5023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5081] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5075] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5024] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5023] <... openat resumed>) = 3 [pid 5021] <... openat resumed>) = 3 [pid 5081] <... write resumed>) = 262144 [pid 5075] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5070] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] ioctl(3, LOOP_CLR_FD [pid 5021] ioctl(3, LOOP_CLR_FD [pid 5081] munmap(0x7fc12efeb000, 262144 [pid 5024] unlink("./1/binderfs" [pid 5023] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5021] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... munmap resumed>) = 0 [pid 5024] <... unlink resumed>) = 0 [pid 5023] close(3 [pid 5021] close(3 [pid 5081] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5075] <... open resumed>) = 5 [pid 5024] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] <... close resumed>) = 0 [pid 5021] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 6 [pid 5075] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached [pid 5081] ioctl(6, LOOP_SET_FD, 5 [pid 5080] <... ioctl resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5075] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5082] set_robust_list(0x5555567656a0, 24 [pid 5075] write(5, "\xc4", 1 [ 56.277791][ T5080] loop5: detected capacity change from 0 to 512 [pid 5070] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5082] <... set_robust_list resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5080] close(3 [pid 5075] <... write resumed>) = 1 [pid 5023] <... clone resumed>, child_tidptr=0x555556765690) = 5082 [pid 5021] <... clone resumed>, child_tidptr=0x555556765690) = 5083 [pid 5083] set_robust_list(0x5555567656a0, 24 [pid 5082] chdir("./1" [pid 5081] ioctl(6, LOOP_CLR_FD [pid 5080] <... close resumed>) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] <... chdir resumed>) = 0 [pid 5081] <... ioctl resumed>) = 0 [pid 5080] mkdir("./file0", 0777 [pid 5083] chdir("./1" [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] <... mkdir resumed>) = 0 [pid 5083] <... chdir resumed>) = 0 [pid 5082] <... prctl resumed>) = 0 [pid 5080] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] setpgid(0, 0 [pid 5075] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... prctl resumed>) = 0 [pid 5082] <... setpgid resumed>) = 0 [pid 5081] ioctl(6, LOOP_SET_FD, 5 [pid 5083] setpgid(0, 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5083] <... setpgid resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] close(6 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] write(3, "1000", 4 [pid 5081] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5082] <... write resumed>) = 4 [pid 5081] close(5 [pid 5083] write(3, "1000", 4 [pid 5082] close(3 [pid 5081] <... close resumed>) = 0 [pid 5083] <... write resumed>) = 4 [pid 5082] <... close resumed>) = 0 [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(3 [pid 5082] symlink("/dev/binderfs", "./binderfs" [pid 5081] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] <... symlink resumed>) = 0 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5070] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] symlink("/dev/binderfs", "./binderfs" [pid 5082] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5075] <... open resumed>) = 6 [pid 5070] <... futex resumed>) = 0 [pid 5083] <... symlink resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5081] creat("./bus", 000 [pid 5083] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5081] <... creat resumed>) = 3 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5081] <... futex resumed>) = 0 [pid 5083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... mmap resumed>) = 0x7fc13f7cc000 [pid 5082] <... mprotect resumed>) = 0 [pid 5083] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... mprotect resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} [pid 5082] <... clone3 resumed> => {parent_tid=[5085]}, 88) = 5085 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] sendfile(5, 6, NULL, 281474978811909 [pid 5070] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5081] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5086 attached ./strace-static-x86_64: Process 5085 attached [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5081] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5086] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5085] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5083] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5082] <... mprotect resumed>) = 0 [pid 5081] <... mount resumed>) = 0 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... sendfile resumed>) = 1 [pid 5070] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rseq resumed>) = 0 [pid 5085] <... rseq resumed>) = 0 [pid 5083] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 56.319737][ T5024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.346565][ T5020] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5086] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5085] set_robust_list(0x7fc13f7ec9a0, 24 [pid 5083] <... mprotect resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5070] exit_group(0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5081] write(-1, NULL, 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5081] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5082] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] memfd_create("syzkaller", 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... futex resumed>) = 0 [pid 5086] <... memfd_create resumed>) = 3 [pid 5085] <... memfd_create resumed>) = 3 [pid 5083] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5088 attached [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5086] <... mmap resumed>) = 0x7fc1373ab000 [pid 5085] <... mmap resumed>) = 0x7fc1373ab000 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5088] <... rseq resumed>) = 0 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5076] <... futex resumed>) = ? [pid 5070] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5089 attached [pid 5088] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5086] <... write resumed>) = 262144 [pid 5085] <... write resumed>) = 262144 [pid 5083] <... futex resumed>) = 0 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] +++ exited with 0 +++ [pid 5089] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] munmap(0x7fc1373ab000, 262144 [pid 5085] munmap(0x7fc1373ab000, 262144 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... rseq resumed>) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] <... munmap resumed>) = 0 [pid 5085] <... munmap resumed>) = 0 [pid 5089] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5085] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] memfd_create("syzkaller", 0 [pid 5086] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 4 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] <... memfd_create resumed>) = 5 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [ 56.374659][ T5080] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.407234][ T5086] loop1: detected capacity change from 0 to 512 [ 56.413714][ T5085] loop3: detected capacity change from 0 to 512 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] <... ioctl resumed>) = 0 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 5089] memfd_create("syzkaller", 0 [pid 5088] <... mmap resumed>) = 0x7fc12efeb000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5089] <... memfd_create resumed>) = 5 [pid 5088] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] <... write resumed>) = 262144 [pid 5081] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5089] <... mmap resumed>) = 0x7fc12efeb000 [pid 5088] munmap(0x7fc12efeb000, 262144 [pid 5081] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5088] <... munmap resumed>) = 0 [pid 5081] <... open resumed>) = 5 [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... write resumed>) = 262144 [pid 5088] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5086] close(3 [pid 5085] <... ioctl resumed>) = 0 [ 56.420817][ T5080] ext4 filesystem being mounted at /root/syzkaller.WStBqc/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.444552][ T5024] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5718: Out of memory [ 56.459229][ T5020] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5718: Out of memory [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... mount resumed>) = 0 [pid 5085] close(3 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5085] <... close resumed>) = 0 [pid 5080] <... openat resumed>) = 6 [pid 5085] mkdir("./file0", 0777 [pid 5080] chdir("./file0" [pid 5085] <... mkdir resumed>) = 0 [pid 5080] <... chdir resumed>) = 0 [pid 5085] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5080] ioctl(4, LOOP_CLR_FD [pid 5089] munmap(0x7fc12efeb000, 262144 [pid 5088] <... openat resumed>) = 3 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... ioctl resumed>) = 0 [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5022] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] <... munmap resumed>) = 0 [pid 5088] ioctl(3, LOOP_SET_FD, 5 [pid 5086] <... close resumed>) = 0 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] close(4 [pid 5077] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5088] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5086] mkdir("./file0", 0777 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... close resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5022] <... openat resumed>) = 3 [pid 5089] <... openat resumed>) = 3 [pid 5088] ioctl(3, LOOP_CLR_FD [pid 5081] write(5, "\xc4", 1 [pid 5080] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] newfstatat(3, "", [pid 5086] <... mkdir resumed>) = 0 [pid 5089] ioctl(3, LOOP_SET_FD, 5 [pid 5088] <... ioctl resumed>) = 0 [pid 5081] <... write resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5086] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5089] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5081] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] getdents64(3, [pid 5089] ioctl(3, LOOP_CLR_FD [pid 5081] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5080] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5080] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5077] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... ioctl resumed>) = 0 [pid 5089] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5088] ioctl(3, LOOP_SET_FD, 5 [pid 5089] close(3) = 0 [pid 5089] close(5) = 0 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 56.471527][ T5024] EXT4-fs error (device loop4): ext4_quota_off:7107: inode #4: comm syz-executor143: mark_inode_dirty error [ 56.492411][ T5020] EXT4-fs error (device loop0): ext4_quota_off:7107: inode #4: comm syz-executor143: mark_inode_dirty error [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... open resumed>) = 4 [pid 5080] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5088] close(3) = 0 [pid 5088] close(5) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] creat("./bus", 000 [pid 5077] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... creat resumed>) = 3 [pid 5088] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 0 [pid 5089] <... mount resumed>) = 0 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] sendfile(5, 4, NULL, 281474978811909 [pid 5088] creat("./bus", 000 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... creat resumed>) = 3 [pid 5089] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5080] <... sendfile resumed>) = 0 [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5089] write(-1, NULL, 0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5089] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5089] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = ? [pid 5080] <... futex resumed>) = ? [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5083] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 1 [ 56.510491][ T27] audit: type=1800 audit(1692814052.184:4): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor143" name="bus" dev="loop5" ino=18 res=0 errno=0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5088] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ [pid 5082] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... open resumed>) = 5 [pid 5088] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5089] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5025] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] write(5, "\xc4", 1 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... write resumed>) = 1 [pid 5025] <... openat resumed>) = 3 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] newfstatat(3, "", [pid 5089] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5088] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5088] <... mount resumed>) = 0 [pid 5088] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... open resumed>) = 6 [pid 5083] <... futex resumed>) = 0 [pid 5025] getdents64(3, [pid 5082] <... futex resumed>) = 0 [pid 5022] <... umount2 resumed>) = 0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5025] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5022] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5088] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [ 56.545712][ T5024] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5718: Out of memory [ 56.557692][ T5020] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5718: Out of memory [ 56.561831][ T5024] EXT4-fs error (device loop4): ext4_quota_off:7107: inode #3: comm syz-executor143: mark_inode_dirty error [pid 5089] <... futex resumed>) = 1 [pid 5088] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] newfstatat(AT_FDCWD, "./1/bus", [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... mount resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5085] chdir("./file0") = 0 [pid 5083] <... futex resumed>) = 0 [pid 5024] <... umount2 resumed>) = 0 [pid 5022] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] sendfile(5, 6, NULL, 281474978811909 [pid 5022] unlink("./1/bus" [pid 5082] <... futex resumed>) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5082] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5022] <... unlink resumed>) = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5085] <... futex resumed>) = 0 [pid 5022] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5085] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] unlink("./1/binderfs") = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./1/bus", [pid 5022] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./1/bus") = 0 [pid 5025] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 56.586252][ T5085] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.588682][ T5020] EXT4-fs error (device loop0): ext4_quota_off:7107: inode #3: comm syz-executor143: mark_inode_dirty error [ 56.603772][ T5085] ext4 filesystem being mounted at /root/syzkaller.XFPE47/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.639467][ T5086] ------------[ cut here ]------------ [pid 5025] unlink("./1/binderfs" [pid 5024] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5024] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5024] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5024] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] <... unlink resumed>) = 0 [pid 5025] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5088] <... open resumed>) = 6 [pid 5024] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5024] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5024] close(4) = 0 [pid 5024] rmdir("./1/file0") = 0 [pid 5024] getdents64(3, 0x555556766730 /* 0 entries */, 32768) = 0 [pid 5024] close(3) = 0 [pid 5024] rmdir("./1") = 0 [pid 5024] mkdir("./2", 0777) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5024] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5024] close(3) = 0 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555567656a0, 24) = 0 [pid 5094] chdir("./2") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] write(3, "1000", 4 [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5094] <... write resumed>) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc13f7cc000 [ 56.645276][ T5086] kernel BUG at fs/ext4/super.c:7010! [ 56.659142][ T5022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.677409][ T5025] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.687479][ T5086] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 56.693582][ T5086] CPU: 1 PID: 5086 Comm: syz-executor143 Not tainted 6.5.0-rc7-syzkaller-00018-g89bf6209cad6 #0 [ 56.703995][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 56.714045][ T5086] RIP: 0010:ext4_enable_quotas+0xb7a/0xb90 [ 56.719953][ T5086] Code: ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 3a f7 ff ff 49 89 d6 48 89 df e8 13 07 99 ff 4c 89 f2 e9 27 f7 ff ff e8 36 35 40 ff <0f> 0b e8 2f 35 40 ff 0f 0b e8 e8 4d 71 08 0f 1f 84 00 00 00 00 00 [ 56.739556][ T5086] RSP: 0018:ffffc90003d7f880 EFLAGS: 00010293 [ 56.745617][ T5086] RAX: ffffffff824b82fa RBX: 0000000000000000 RCX: ffff88802cd08000 [ 56.753582][ T5086] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.761547][ T5086] RBP: ffffc90003d7fa50 R08: ffffffff824b7bf4 R09: 1ffff1100eadb457 [ 56.769515][ T5086] R10: dffffc0000000000 R11: ffffed100eadb458 R12: 0000000000000001 [ 56.777490][ T5086] R13: 0000000000000001 R14: ffff88801675d464 R15: dffffc0000000000 [ 56.785461][ T5086] FS: 00007fc13f7ec6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.794472][ T5086] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.801050][ T5086] CR2: 00007fc13f8b86c0 CR3: 000000001635a000 CR4: 00000000003506e0 [ 56.809045][ T5086] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.817024][ T5086] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.824989][ T5086] Call Trace: [ 56.828260][ T5086] [ 56.831186][ T5086] ? __die_body+0x5e/0xa0 [ 56.835515][ T5086] ? die+0x87/0xb0 [ 56.839230][ T5086] ? do_trap+0x11e/0x350 [ 56.843463][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.848668][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.853868][ T5086] ? do_error_trap+0x141/0x1f0 [ 56.858624][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.863820][ T5086] ? do_int3+0x30/0x30 [ 56.867878][ T5086] ? report_bug+0x3e4/0x500 [ 56.872380][ T5086] ? handle_invalid_op+0x2c/0x40 [ 56.877338][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.882530][ T5086] ? exc_invalid_op+0x33/0x50 [ 56.887201][ T5086] ? asm_exc_invalid_op+0x1a/0x20 [ 56.892222][ T5086] ? ext4_enable_quotas+0x474/0xb90 [ 56.897453][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.902642][ T5086] ? ext4_enable_quotas+0xb7a/0xb90 [ 56.907837][ T5086] ? ext4_force_commit+0xc0/0xc0 [ 56.912770][ T5086] ? ext4_orphan_file_block_trigger+0x580/0x580 [ 56.919009][ T5086] ? __init_swait_queue_head+0xae/0x150 [ 56.924553][ T5086] ? ext4_register_sysfs+0x27b/0x2b0 [ 56.929834][ T5086] ext4_fill_super+0x6157/0x6ce0 [ 56.934779][ T5086] ? ext4_parse_test_dummy_encryption+0xa0/0xa0 [ 56.941036][ T5086] ? snprintf+0xda/0x120 [ 56.945289][ T5086] ? set_blocksize+0x1e2/0x390 [ 56.950046][ T5086] ? sb_set_blocksize+0x99/0x100 [ 56.954979][ T5086] get_tree_bdev+0x468/0x6c0 [ 56.959566][ T5086] ? ext4_parse_test_dummy_encryption+0xa0/0xa0 [ 56.965822][ T5086] vfs_get_tree+0x8c/0x270 [ 56.970247][ T5086] do_new_mount+0x28f/0xae0 [ 56.974765][ T5086] ? do_move_mount_old+0x170/0x170 [ 56.979881][ T5086] ? user_path_at_empty+0x12f/0x180 [ 56.985085][ T5086] __se_sys_mount+0x2d9/0x3c0 [ 56.989781][ T5086] ? __x64_sys_mount+0xc0/0xc0 [ 56.994562][ T5086] ? syscall_enter_from_user_mode+0x32/0x230 [ 57.000559][ T5086] ? __x64_sys_mount+0x20/0xc0 [ 57.005322][ T5086] do_syscall_64+0x41/0xc0 [ 57.009734][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.015621][ T5086] RIP: 0033:0x7fc13f83111a [ 57.020027][ T5086] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.039626][ T5086] RSP: 002b:00007fc13f7ec088 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [pid 5094] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5085] write(6, "\xc4", 1 [pid 5082] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... write resumed>) = 1 [pid 5085] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5082] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open resumed>) = 4 [ 57.048032][ T5086] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fc13f83111a [ 57.056001][ T5086] RDX: 00000000200005c0 RSI: 0000000020000000 RDI: 00007fc13f7ec0a0 [ 57.063984][ T5086] RBP: 00007fc13f7ec0a0 R08: 00007fc13f7ec0e0 R09: 00000000000004d4 [ 57.071960][ T5086] R10: 0000000000200810 R11: 0000000000000206 R12: 00007fc13f7ec0e0 [ 57.080014][ T5086] R13: 0000000000200810 R14: 0000000000000003 R15: 0000000000040000 [ 57.088154][ T5086] [ 57.091199][ T5086] Modules linked in: [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5085] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5085] sendfile(6, 4, NULL, 281474978811909 [pid 5082] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... sendfile resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5085] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} => {parent_tid=[5095]}, 88) = 5095 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5023] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5094] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5023] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] getdents64(3, [pid 5094] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] <... getdents64 resumed>0x555556766730 /* 5 entries */, 32768) = 136 [pid 5023] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5023] <... umount2 resumed>) = 0 [pid 5023] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5094] <... mmap resumed>) = 0x7fc13f7ab000 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5094] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE [pid 5023] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] unlink("./1/bus") = 0 [pid 5094] <... mprotect resumed>) = 0 [pid 5023] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5023] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] unlink("./1/binderfs" [pid 5094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} [pid 5023] <... unlink resumed>) = 0 [pid 5023] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] <... umount2 resumed>) = 0 [pid 5020] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5020] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5020] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5020] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5020] close(4) = 0 [pid 5020] rmdir("./1/file0") = 0 [pid 5020] getdents64(3, 0x555556766730 /* 0 entries */, 32768) = 0 [pid 5020] close(3) = 0 [pid 5020] rmdir("./1"./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7fc13f7ec9a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5096 attached NULL, 8) = 0 [pid 5096] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5095] memfd_create("syzkaller", 0 [pid 5020] <... rmdir resumed>) = 0 [pid 5096] <... rseq resumed>) = 0 [pid 5095] <... memfd_create resumed>) = 3 [pid 5020] mkdir("./2", 0777 [pid 5096] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5095] <... mmap resumed>) = 0x7fc1373ab000 [pid 5020] <... mkdir resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5020] <... openat resumed>) = 3 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] ioctl(3, LOOP_CLR_FD [pid 5096] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5096] memfd_create("syzkaller", 0 [pid 5094] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5020] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5096] <... memfd_create resumed>) = 4 [pid 5020] close(3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5096] <... mmap resumed>) = 0x7fc12efab000 [pid 5020] <... close resumed>) = 0 [pid 5096] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5020] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5097 [pid 5095] <... write resumed>) = 262144 [pid 5095] munmap(0x7fc1373ab000, 262144) = 0 [ 57.099473][ T5086] ---[ end trace 0000000000000000 ]--- [ 57.119627][ T5023] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.143145][ T5086] RIP: 0010:ext4_enable_quotas+0xb7a/0xb90 [pid 5096] munmap(0x7fc12efab000, 262144) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 5096] ioctl(5, LOOP_SET_FD, 4 [pid 5095] ioctl(6, LOOP_SET_FD, 3./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x5555567656a0, 24) = 0 [pid 5097] chdir("./2") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, NULL, 8) = 0 [pid 5097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc13f7cc000 [pid 5097] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} => {parent_tid=[5098]}, 88) = 5098 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc13f7ab000 [pid 5097] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} => {parent_tid=[5099]}, 88) = 5099 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... sendfile resumed>) = 262143 [pid 5089] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053) = 0 [pid 5098] set_robust_list(0x7fc13f7ec9a0, 24) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc1373ab000 ./strace-static-x86_64: Process 5099 attached [pid 5099] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053) = 0 [pid 5099] set_robust_list(0x7fc13f7cb9a0, 24) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] memfd_create("syzkaller", 0) = 4 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc12efab000 [pid 5095] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5095] ioctl(6, LOOP_CLR_FD) = 0 [pid 5096] <... ioctl resumed>) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file0", 0777 [pid 5095] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5095] close(6) = 0 [pid 5095] close(3 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5095] <... close resumed>) = 0 [pid 5099] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5095] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] <... mkdir resumed>) = 0 [pid 5095] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5098] <... write resumed>) = 262144 [pid 5098] munmap(0x7fc1373ab000, 262144) = 0 [pid 5099] <... write resumed>) = 262144 [pid 5099] munmap(0x7fc12efab000, 262144) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5098] ioctl(5, LOOP_SET_FD, 3 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5099] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5099] ioctl(6, LOOP_CLR_FD) = 0 [pid 5098] <... ioctl resumed>) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file0", 0777 [pid 5099] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5099] close(6) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] creat("./bus", 000) = 3 [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5099] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... mount resumed>) = 0 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5099] write(-1, NULL, 0 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5097] <... futex resumed>) = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... open resumed>) = 4 [pid 5097] <... futex resumed>) = 0 [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] write(4, "\xc4", 1 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] <... write resumed>) = 1 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... open resumed>) = 6 [pid 5097] <... futex resumed>) = 0 [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] sendfile(4, 6, NULL, 281474978811909 [pid 5097] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] <... umount2 resumed>) = 0 [pid 5022] <... umount2 resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] newfstatat(AT_FDCWD, "./1/file0", [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(AT_FDCWD, "./1/file0", [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] newfstatat(AT_FDCWD, "./1/file0", [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5022] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5022] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... openat resumed>) = 4 [pid 5025] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5022] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5098] <... mkdir resumed>) = 0 [pid 5022] close(4 [pid 5098] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 5022] <... close resumed>) = 0 [pid 5025] <... openat resumed>) = 4 [pid 5023] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5022] rmdir("./1/file0" [pid 5025] newfstatat(4, "", [pid 5023] <... openat resumed>) = 4 [pid 5022] <... rmdir resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] newfstatat(4, "", [pid 5022] getdents64(3, [pid 5025] getdents64(4, [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5025] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5023] getdents64(4, [pid 5022] close(3 [pid 5025] getdents64(4, [pid 5022] <... close resumed>) = 0 [pid 5025] <... getdents64 resumed>0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5023] <... getdents64 resumed>0x55555676e770 /* 2 entries */, 32768) = 48 [ 57.153877][ T5096] loop4: detected capacity change from 0 to 512 [ 57.167032][ T5086] Code: ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 3a f7 ff ff 49 89 d6 48 89 df e8 13 07 99 ff 4c 89 f2 e9 27 f7 ff ff e8 36 35 40 ff <0f> 0b e8 2f 35 40 ff 0f 0b e8 e8 4d 71 08 0f 1f 84 00 00 00 00 00 [ 57.192602][ T5098] loop0: detected capacity change from 0 to 512 [pid 5022] rmdir("./1" [pid 5025] close(4 [pid 5023] getdents64(4, [pid 5022] <... rmdir resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5023] <... getdents64 resumed>0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5098] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5097] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5022] mkdir("./2", 0777 [pid 5098] ioctl(5, LOOP_CLR_FD [pid 5025] rmdir("./1/file0" [pid 5023] close(4 [pid 5022] <... mkdir resumed>) = 0 [pid 5098] <... ioctl resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5023] <... close resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556765690) = 5102 [ 57.233050][ T5098] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 57.241837][ T5096] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.267849][ T5096] ext4 filesystem being mounted at /root/syzkaller.tkkQTx/2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5099] <... sendfile resumed>) = 262143 [pid 5098] close(5 [pid 5096] <... mount resumed>) = 0 [pid 5025] getdents64(3, [pid 5023] rmdir("./1/file0" [pid 5099] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x5555567656a0, 24) = 0 [pid 5102] chdir("./2") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] <... close resumed>) = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5025] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5098] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... rmdir resumed>) = 0 [pid 5096] <... openat resumed>) = 3 [pid 5025] close(3 [pid 5102] write(3, "1000", 4 [pid 5098] <... futex resumed>) = 0 [pid 5096] chdir("./file0" [pid 5023] getdents64(3, [pid 5102] <... write resumed>) = 4 [pid 5098] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... chdir resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5023] <... getdents64 resumed>0x555556766730 /* 0 entries */, 32768) = 0 [pid 5102] close(3 [pid 5097] exit_group(0 [pid 5096] ioctl(5, LOOP_CLR_FD [pid 5025] rmdir("./1" [pid 5023] close(3 [pid 5102] <... close resumed>) = 0 [pid 5099] <... futex resumed>) = ? [pid 5098] <... futex resumed>) = ? [pid 5097] <... exit_group resumed>) = ? [pid 5102] symlink("/dev/binderfs", "./binderfs" [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5096] <... ioctl resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5023] <... close resumed>) = 0 [pid 5102] <... symlink resumed>) = 0 [pid 5102] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7fc13f8560e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc13f847290}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc13f7cc000 [pid 5102] mprotect(0x7fc13f7cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7ec990, parent_tid=0x7fc13f7ec990, exit_signal=0, stack=0x7fc13f7cc000, stack_size=0x20300, tls=0x7fc13f7ec6c0} => {parent_tid=[5103]}, 88) = 5103 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc13f7ab000 [pid 5102] mprotect(0x7fc13f7ac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc13f7cb990, parent_tid=0x7fc13f7cb990, exit_signal=0, stack=0x7fc13f7ab000, stack_size=0x20300, tls=0x7fc13f7cb6c0} => {parent_tid=[5104]}, 88) = 5104 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7fc13f8b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7fc13f8b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7fc13f7ecfe0, 0x20, 0, 0x53053053 [pid 5096] close(5 [pid 5025] mkdir("./2", 0777 [pid 5023] rmdir("./1" [pid 5103] <... rseq resumed>) = 0 [pid 5103] set_robust_list(0x7fc13f7ec9a0, 24) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5023] <... rmdir resumed>) = 0 [pid 5096] <... close resumed>) = 0 [pid 5096] futex(0x7fc13f8b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... mkdir resumed>) = 0 [pid 5103] memfd_create("syzkaller", 0 [pid 5096] <... futex resumed>) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5023] mkdir("./2", 0777 [pid 5096] futex(0x7fc13f8b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5103] <... memfd_create resumed>) = 3 [pid 5095] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5023] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5104 attached [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 57.286926][ T5086] RSP: 0018:ffffc90003d7f880 EFLAGS: 00010293 [ 57.295482][ T5086] RAX: ffffffff824b82fa RBX: 0000000000000000 RCX: ffff88802cd08000 [ 57.304167][ T5086] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.313704][ T5086] RBP: ffffc90003d7fa50 R08: ffffffff824b7bf4 R09: 1ffff1100eadb457 [ 57.322389][ T5086] R10: dffffc0000000000 R11: ffffed100eadb458 R12: 0000000000000001 [pid 5095] creat("./bus", 000 [pid 5025] <... openat resumed>) = 3 [pid 5104] rseq(0x7fc13f7cbfe0, 0x20, 0, 0x53053053 [pid 5103] <... mmap resumed>) = 0x7fc1373ab000 [pid 5095] <... creat resumed>) = 4 [pid 5094] futex(0x7fc13f8b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5104] <... rseq resumed>) = 0 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5095] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5104] set_robust_list(0x7fc13f7cb9a0, 24 [pid 5097] +++ exited with 0 +++ [pid 5095] <... futex resumed>) = 0 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5095] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5020] restart_syscall(<... resuming interrupted clone ...> [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] memfd_create("syzkaller", 0) = 4 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5020] <... restart_syscall resumed>) = 0 [pid 5104] <... mmap resumed>) = 0x7fc12efab000 [pid 5104] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5020] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5020] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] getdents64(3, 0x555556766730 /* 5 entries */, 32768) = 136 [pid 5020] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5103] <... write resumed>) = 262144 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5023] <... openat resumed>) = 3 [pid 5020] <... umount2 resumed>) = 0 [pid 5103] munmap(0x7fc1373ab000, 262144 [pid 5020] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5104] <... write resumed>) = 262144 [pid 5103] <... munmap resumed>) = 0 [pid 5094] futex(0x7fc13f8b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] close(3 [pid 5023] ioctl(3, LOOP_CLR_FD [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5104] munmap(0x7fc12efab000, 262144 [pid 5020] newfstatat(AT_FDCWD, "./2/bus", [pid 5104] <... munmap resumed>) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5020] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5103] <... openat resumed>) = 5 [pid 5020] unlink("./2/bus" [pid 5104] <... openat resumed>) = 6 [ 57.334791][ T5086] R13: 0000000000000001 R14: ffff88801675d464 R15: dffffc0000000000 [ 57.343150][ T5086] FS: 00007fc13f7ec6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.353306][ T5086] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.361698][ T5086] CR2: 0000555556776778 CR3: 000000001635a000 CR4: 00000000003506e0 [ 57.364988][ T5103] loop2: detected capacity change from 0 to 512 [ 57.370763][ T5086] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 5103] ioctl(5, LOOP_SET_FD, 3 [pid 5020] <... unlink resumed>) = 0 [pid 5104] ioctl(6, LOOP_SET_FD, 4 [pid 5095] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5025] <... close resumed>) = 0 [pid 5023] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5020] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5095] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5020] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5095] <... mount resumed>) = 0 [pid 5020] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5095] futex(0x7fc13f8b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5020] unlink("./2/binderfs" [pid 5095] futex(0x7fc13f8b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] <... unlink resumed>) = 0 [pid 5020] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5020] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5020] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5020] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5020] getdents64(4, 0x55555676e770 /* 2 entries */, 32768) = 48 [pid 5020] getdents64(4, 0x55555676e770 /* 0 entries */, 32768) = 0 [pid 5020] close(4) = 0 [pid 5020] rmdir("./2/file0") = 0 [pid 5020] getdents64(3, 0x555556766730 /* 0 entries */, 32768) = 0 [ 57.383990][ T5086] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.393426][ T5086] Kernel panic - not syncing: Fatal exception [ 57.399735][ T5086] Kernel Offset: disabled [ 57.404060][ T5086] Rebooting in 86400 seconds..